Bungling council fined £60,000 after child neglect data protection breach
Published by Max Salsbury for 24dash.com in Local Government and also in Communities, Legal
A bungling council that sent a sensitive child neglect report to the wrong person has been fined £60,000 for a serious breach of the Data Protection Act.
The report sent out by Plymouth City council included highly sensitive personal information and allegations of child neglect about two parents and four children.
An investigation by the ICO (Information Commissioner’s Office) found that the council had failed to take reasonable steps to ensure reports were checked before they were sent out.
The ICO also discovered that the local authority had no secure system in place for printing reports containing sensitive data.
The breach was caused because of a mix up with the printing of reports. A social worker accidentally collected three pages of another social worker's case from a printer and posted them out to "family B".
When the mother of family B discovered the error she informed the council, which recovered the documents and advised her that the information was confidential.
However, the mother contacted "family A" through a social networking site to inform them that she had received information about their family.
The council has until 21 December to pay the fine; however, if it pays by the 20 December it will get a 20% reduction, taking the charge down to £48,000. The monetary penalty is paid into the Treasury’s Consolidated Fund and is not kept by the Commissioner.
Stephen Eckersley, Head of Enforcement at the ICO, said: “It would be too easy to consider this a simple human error. The reality is that this incident happened because not enough care was being taken within the organisation when handling vulnerable people’s sensitive information.
“The distress this incident will have caused the people involved is obvious, and the penalty we have issued today reflects that.”
Plymouth City Council is yet to comment.