The Information Commissioner’s Office (ICO) has served a monetary penalty of £60,000 to Plymouth City Council for a serious breach of the Data Protection Act where the details of a child neglect case were sent to the wrong recipient.
The data protection watchdog said the report included highly sensitive personal information about two parents and four children, notably allegations of child neglect resulting in ongoing care proceedings.
The Cheshire-based ICO found that the council had no secure system in place for printing reports containing sensitive personal data, and had failed to take reasonable steps to ensure reports were checked before they were sent out.
Stephen Eckersley, Head of Enforcement at the ICO, said: “It would be too easy to consider this a simple human error. The reality is that this incident happened because not enough care was being taken within the organisation when handling vulnerable people’s sensitive information.
“The distress this incident will have caused the people involved is obvious, and the penalty we have issued reflects that.”
For a list of fined bodies – mainly councils and NHS trusts – visit http://www.ico.gov.uk/enforcement/fines.aspx.
