recent work

Council fined £80,000 for Data Protection Act breach

The Information Commissioner’s Office (ICO) has today announced that it has ordered Cheshire East Council to pay the monetary penalty ‘for failing to take appropriate measures to ensure the security and appropriateness of disclosure when emailing personal information’.

In May 2011, an email detailing concerns about an individual working in the area ended up being forwarded to 180 unintended recipients, after the correct policies and procedures were not followed; personal email accounts, not using a secure email system, and a lack of direction as to what to do once an individual received the email were factors that contributed to the breach.

Stephen Eckersley, Head of Enforcement, said:

“While we appreciate that it is vitally important for genuine concerns about individuals working in the voluntary sector to be circulated to relevant parties, a robust system must be put in place to ensure that information is appropriately managed and carefully disclosed. Cheshire East Council also failed to provide this particular employee with adequate data protection training. The highly sensitive nature of the information and the need to restrict its circulation should have been made clear to all recipients.

“I hope this case – along with the fact that we’ve handed out over one million pounds worth of penalties since our powers came into force – acts as a strong incentive for other councils to ensure that they have sufficient measures in place around protecting personal data.”

Following the breach, the council attempted to recall the email to prevent further dissemination. Over half (57%) of the recipients confirmed that they had deleted the information.

Comment
DataWise by Absolute Data, is committed to ensuring companies and organisations, regardless of their size, create and follow realistic policies and procedures that are above the law. We can help your organisation create robust and effective data protection policies and procedures: we can spend some time getting to know what data-related activity your business partakes in, and ensure that your policies and procedures reflect this activity. We can also help to train your staff; not only in the importance of data protection, but how they can ensure they are fully adhering to data protection law. DataWise, one of our services, provides clients with a data protection toolkit, which offers a robust and effective solution in reducing the risk of data breaches. With the ICO’s power to fine up to £500,000 for data breaches, it is worth getting in touch with us to discuss how your organisation can ensure legal data compliance. Contact us now at info@absolute-data.co.uk, or call us on 01423 790125.