County council fined £120,000 for emailing intimate details to cab firm
Surrey County Council has been fined £120,000 for a series of privacy mistakes, including emailing 241 vulnerable individuals' intimate details to a list of email addresses that included cab firms and coach companies
5:07PM BST 09 Jun 2011
Intimate details of 241 vulnerable individuals were wrongly emailed to a cab firms mini-bus companies by Surrey County Council, it can be revealed.
A catalogue of privacy blunders at the council has been uncovered by the Information Commissioner’s Office, which has fined Surrey £120,000 for breaches of the Data Protection Act.
In May last year, a member of staff working for an Adult Social Care Team emailed the unencrypted file that contained 241 individuals’ physical and mental health details to the wrong group email address. Although the Council tried to recall the message, it could not confirm that all recipients had destroyed it and had not forwarded it on to others.
The next month, confidential personal details were accidentally emailed to people who had signed up to receive a council newsletter.
In January of this year, the council’s Children Services department sent confidential sensitive information about an individual’s health, to the wrong internal group email address.
Christopher Graham, the Information Commissioner, said, ““This significant penalty fully reflects the seriousness of the case. Any organisation handling sensitive information must have appropriate levels of security in place. Surrey County Council has paid the price for their failings and this case should act as a warning to others that lax data protection practices will not be tolerated.”
The ICO’s office said that £120,000 penalty reflected the council’s failure to ensure that it had appropriate security measures in place to handle sensitive information. The council said it had subsequently improved its policies and training and developed an ‘early warning’ system.
A Surrey County Council spokesman said: “These incidents should never have occurred and we have apologised to the people involved. Immediate action has been taken to prevent this happening again. Measures have already been taken to reduce the risk of sensitive personal data being wrongly addressed and extra training on handling data securely has been given. We accept the commissioner’s findings but feel the money we were fined by another public sector organisation would have been better spent making further improvements in Surrey."
Source; http://www.telegraph.co.uk/technology/n ... -firm.html
Login
Register
FAQ
