Machins Solicitors LLP

Council fined £120,000 for data protection breach

Posted: 12th December 2012   In: Corporate Commercial

Complying with data protection regulations remains a problem for many companies and organisations.

In a recent case, Stoke-on-Trent Council was fined £120,000 after one of its employees emailed sensitive information about a child protection case to the wrong person.

An investigation by the Information Commissioner’s Office (ICO) found that the employee had breached the council’s guidance policy, which stated that sensitive information should be encrypted or sent over a secure network.

However, in this case, the council had failed to provide encryption software and knew that emails were being sent to unsecure networks. The council had also failed to provide relevant training.

Stephen Eckersley, Head of Enforcement at the ICO, said: “If this data had been encrypted then the information would have stayed secure. Instead, the authority has received a significant penalty for failing to adopt what is a simple and widely used security measure.

“The council has now introduced new measures to improve the security of information sent electronically, as well as signing a legal notice to improve the data protection training provided to their staff. This should limit the chances of further personal information being lost.”

The ICO says that anyone who processes personal information must comply with eight principles of the Data Protection Act. It’s essential to ensure that personal information is:

Please contact us if you would like more information about the issues raised in this article or any matter relating to business regulations.