recent work

Council fined for failing to encrypt

Stoke-on-Trent City Council has been fined £120,000 after an employee sent an unencrypted email containing sensitive personal data to the wrong person. The employee, a solicitor involved in a child protection case, sent 11 emails relating to the case to a member of the public instead of legal counsel. Though the solicitor had acted in breach of the Council’s own guidance in sending the emails over an unsecured and unencrypted network, the body had failed to provide its legal department with encryption software, and knew that the team had to send emails to unsecure networks. The Council also provided no relevant training.

Stephen Eckersley, Head of Enforcement at the ICO, said “if this data had been encrypted then the information would have stayed secure. Instead, the authority has received a significant penalty for failing to adopt what is a simple and widely used security measure.”