Powys County Council has been fined £130,000 for a serious breach of the Data Protection Act (DPA) by the Information Commissioner’s Office (ICO).
This is the largest fine issued by the commission since it was given the powers to do so in April 2010 and, according to Assistant Commissioner for Wales Anne Jones, this latest in a series of breaches in the sector shows a worrying trend. “There is clearly an underlying problem with data protection in social services departments and we will be meeting with stakeholders from across the UK’s local government sector to discuss how we can support them in addressing these problems,” she said.
According to a statement by the ICO: “Two separate reports about child protection cases were sent to the same shared printer. It is thought that two pages from one report were then mistakenly collected with the papers from another case and were sent out without being checked. The recipient mistakenly received the two pages of the report and knew the identities of the parent and child whose personal details were included in the papers. The recipient made a complaint to the council and a further complaint was also submitted by the recipient’s mother via her MP.”
This breach, according to the statement, was not the council’s first. A similar incident, reported to the ICO in June 2010, occurred when a social worker sent information relating to another unrelated vulnerable child to the same member of the public, who also knew that child.
The council had insisted that the first incident was a one-off error and promised to put training in place to avoid further incidents. At the time of the second breach, seven months later, the council had still not made such training mandatory for social work staff, nor had any been provided.
The ICO had warned the council to introduce mandatory training and to tighten up its security measures, or face stronger measures, and now the ICO has threatened to take the council to court if it does not clean up its act.
Jones added, “This is the third UK council in as many weeks to receive a monetary penalty for disclosing sensitive information about vulnerable people. It’s the most serious case yet and it has attracted a record fine. The distress that this incident would have caused to the individuals involved is obvious and made worse by the fact that the breach could have been prevented if Powys County Council had acted on our original recommendations.”
Deliveries of Telsa's 'bulletproof' Cybertruck are reportedly on hold, amid user complaints side trims are…
New feature reportedly being developed by Apple for iOS 19, that will allow AirPods to…
Binance BNB token rises after WSJ report the Trump family is in talks to secure…
After failed Amazon deal, iRobot warns there is “substantial doubt about the Company's ability to…
Community Notes testing across Facebook, Instagram and Threads to begin next week in US, using…
View Comments
Fining a corporate public body is like fining the victim for being mugged. Individuals should be made to pay the fine, from the Chief executive down to the person committing the offence.
Exactly the same as a driving speeding fine on company business - its the individual who has to pay the fine.