recent work

Surrey County Council fined £120,000 over Data Protection Breach

IT has reported that Surry County Council has been fined by the Information Commissioner’s Office (ICO) for a total of £120,000 for breaching the Data Protection Act.

The ICO confirmed that last year, the Council made three major breaches, all based on emailing sensitive data to the wrong party, which has resulted in the fine.  It is thought that the fine reflects the seriousness of the initial breach, which was then repeated several times.

“The fact that the first breach saw sensitive personal information relating to the health and welfare of 241 vulnerable individuals was sent to the wrong people is shocking enough…..  when you take into account the two similar breaches that followed, it is clear that Surrey County Council failed to fully address the risks of sending sensitive personal data by email until it was far too late,” said Christopher, Graham Information Commissioner.

Once the Surrey City Council pays the fine, ICO will send the funds to the HM Treasury’s Fund.

Go to to read the article in full.

Absolute Data works with many organisations to reduce or eliminate the risk to the personal information that they hold about individuals. The “softer side” of privacy risk management such as staff training and having documented procedures is often overlooked. Aside from this, organisations may not have the time, the funds or the knowledge to train staff or implement procedures to stop instance such as this from happening.

Absolute Data can take any hassle away from an organisation, and hold training and seminars, document information, carry out regular checks and reviews on an organisation’s behalf as well as purchase, implement and manage anything relating to Data Protection. For further information, contact us now at