ICO hands its biggest ever fine to Welsh council

After two major mishaps, Powys County Council receives the biggest fine handed out by the ICO to date.

Data security

The Information Commissioner's Office (ICO) today handed out its biggest fine yet, telling Powys County Council to hand over 130,000 for a serious snafu.

The local authority made a major blunder when details of a child protection case were sent to the wrong recipient.

It was believed two pages from one report were mistakenly collected from a printer and mixed up with other papers from a different case. The details were sent out without the council checking the documents.

The distress that this incident would have caused to the individuals involved is obvious and made worse by the fact that the breach could have been prevented.

The recipient knew the identities of the parent and the child whose data was included in the documents. That recipient then made a complaint to the council before their mother made a further complaint through her MP.

This is not the first time Powys County Council has made such a notable blunder. In June 2010, the ICO was made aware that the same recipient was mistakenly sent information relating to a vulnerable child.

"It's the most serious case yet and it has attracted a record fine," said assistant commissioner for Wales Anne Jones.

"The distress that this incident would have caused to the individuals involved is obvious and made worse by the fact that the breach could have been prevented if Powys County Council had acted on our original recommendations.

"There is clearly an underlying problem with data protection in social services departments and we will be meeting with stakeholders from across the UK's local government sector to discuss how we can support them in addressing these problems."

On top of the fine, the ICO has served the council with an enforcement notice that legally requires the authority to improve its data protection practices.

All staff at the council must also now be trained on how to handle personal data by 13 March 2012, with a refresher carried out every three years.

The authority revealed disciplinary action had been taken against the member of staff involved in the breach.

"This was a regrettable case of human error and we have apologised to all parties for the distress the disclosure may have caused," said councillor Michael Jones, leader of Powys County Council.

"The council expects staff, particularly those working in sensitive areas, to maintain the highest possible professional standards."

Showing its teeth?

The significant fine comes just a week after the ICO hit two local authorities with monetary penalties. In one fell swoop, the data protection watchdog fined Worcestershire County Council 80,000 and North Somerset Council 60,000.

The ICO had been quiet on the fining front of late, yet its recent actions may go some distance to silencing critics.

During the Leveson inquiry this week, former deputy information commissioner Francis Aldhouse denied claims made by ex-ICO senior investigations officer Alex Owens that Aldhouse had said newspapers were "too big" to take on.

"I don't fear the media," Aldhouse said.

His comments came on the same day that the Leveson inquiry heard a barrister had advised the ICO in 2003 there was a strong case against journalists looking to obtain private data illegally.

The ICO is asking for stronger powers to deal with breaches of the Data Protection Act, including prison sentences for shocking cases.

Featured Resources

Shining light on new 'cool' cloud technologies and their drawbacks

IONOS Cloud Up! Summit, Cloud Technology Session with Russell Barley

Watch now

Build mobile and web apps faster

Three proven tips to accelerate modern app development

Free download

Reduce the carbon footprint of IT operations up to 88%

A carbon reduction opportunity

Free Download

Comparing serverless and server-based technologies

Determining the total cost of ownership

Free download

Recommended

Podcast Transcript: What’s so hard about public sector IT?
public sector

Podcast Transcript: What’s so hard about public sector IT?

3 Dec 2021
The IT Pro Podcast: What’s so hard about public sector IT?
public sector

The IT Pro Podcast: What’s so hard about public sector IT?

3 Dec 2021
Pizza chain exposed 100,000 employees' Social Security numbers
data breaches

Pizza chain exposed 100,000 employees' Social Security numbers

19 Nov 2021
Majority of UK's top business leaders are failing to manage supply chain security risks
supply chain management (SCM)

Majority of UK's top business leaders are failing to manage supply chain security risks

16 Nov 2021

Most Popular

What should you really be asking about your remote access software?
Sponsored

What should you really be asking about your remote access software?

17 Nov 2021
What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

30 Nov 2021
How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

24 Nov 2021