recent work

Third Council in as many weeks to receive monetary penalty from ICO for data breach

Powys County Council has been fined £130,000 after breaching the Data Protection Act. It is its second breach in two years; both breaches occurred in similar situations, after documents sent to shared printers were picked up and inadvertently sent to the wrong recipient. Details sent were in relation to child data protection cases.

The first breach in June 2010, was reported as a ‘one-off error’ by the Council, who promised to ensure social worker staff were trained appropriately; however following the second breach in February this year, it became evident that mandatory training for these staff had not been implemented, in fact no training had been provided at all.

This fine is the largest fine issued by the ICO since it gained the power to do so in April 2010. Assistant Commissioner for Wales Anne Jones said:

“There is clearly an underlying problem with data protection in social services departments and we will be meeting with stakeholders from across the UK’s local government sector to discuss how we can support them in addressing these problems,” she said.

Jones added, “This is the third UK council in as many weeks to receive a monetary penalty for disclosing sensitive information about vulnerable people. It’s the most serious case yet and it has attracted a record fine. The distress that this incident would have caused to the individuals involved is obvious and made worse by the fact that the breach could have been prevented if Powys County Council had acted on our original recommendations.”

Comment
Absolute Data is committed to ensuring companies and organisations, regardless of their size, create and follow realistic policies and procedures that are above the law. We can help your organisation create robust and effective data protection policies and procedures: we can spend some time getting to know what data-related activity your business partakes in, and ensure that your policies and procedures reflect this activity. We can also help to train your staff; not only in the importance of data protection, but how they can ensure they are fully adhering to data protection law. DataWise, one of our services, provides clients with a data protection toolkit, which offers a robust and effective solution in reducing the risk of data breaches. With the ICO’s power to fine up to £500,000 for data breaches, it is worth getting in touch with us to discuss how your organisation can ensure legal data compliance. Contact us now at info@absolute-data.co.uk, or call us on 01423 790125.