HERTFORDSHIRE County Council has been fined �100,000 for two serious breaches of the Data Protection Act – including faxing details of a child sex abuse case to a member of the public.
The fine is one of the first two penalties issued by the Information Commissioner for breaching the act.
Both offences occurred on separate occasions in June this year, when employees in the council’s childcare litigation unit accidentally sent two faxes to the wrong recipients.
The first misdirected fax, containing highly-sensitive personal information about a child sex abuse case, was meant for barristers’ chambers – but was sent to a member of the public.
The council subsequently obtained a court injunction prohibiting any disclosure of the facts of the court case or circumstances of the data breach.
The second misdirected fax, sent 13 days later, contained information relating to the care proceedings of three children, the previous convictions of two individuals, domestic violence records and care professionals’ opinions.
The fax, intended for Watford County Court, was mistakenly sent to barristers’ chambers unconnected with the case.
The county council reported both breaches to the Information Commissioner’s Office.
Information Commissioner Christopher Graham ruled a �100,000 fine was appropriate, given the council’s procedures failed to stop two serious breaches taking place where access to the data could have caused substantial damage and distress.
After the first breach occurred, the council did not take sufficient steps to reduce the likelihood of another breach occurring.
Mr Graham: “It is difficult to imagine information more sensitive than that relating to a child sex abuse case.
“I am concerned at this breach – not least because the local authority allowed it to happen twice within two weeks.”
Employment services company A4e was also fined �60,000 for the loss of an unencrypted laptop which contained personal information relating to 24,000 people who had used community legal advice centres in Hull and Leicester.
Mr Graham added: “These first monetary penalties send a strong message to all organisations handling personal information.
“Get it wrong and you do substantial harm to individuals and the reputation of your business. You could also be fined up to half-a-million pounds.”
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules here