Hertfordshire County Council fined for Data Protection Act breaches
HERTFORDSHIRE County Council has been fined �100,000 for two serious breaches of the Data Protection Act – including faxing details of a child sex abuse case to a member of the public.
The fine is one of the first two penalties issued by the Information Commissioner for breaching the act.
Both offences occurred on separate occasions in June this year, when employees in the council’s childcare litigation unit accidentally sent two faxes to the wrong recipients.
The first misdirected fax, containing highly-sensitive personal information about a child sex abuse case, was meant for barristers’ chambers – but was sent to a member of the public.
The council subsequently obtained a court injunction prohibiting any disclosure of the facts of the court case or circumstances of the data breach.
You may also want to watch:
The second misdirected fax, sent 13 days later, contained information relating to the care proceedings of three children, the previous convictions of two individuals, domestic violence records and care professionals’ opinions.
The fax, intended for Watford County Court, was mistakenly sent to barristers’ chambers unconnected with the case.
- 1 Sky Studios Elstree starts recruitment drive ahead of planned 2022 opening
- 2 Fireworks displays in Hertfordshire for Bonfire Night 2021
- 3 Christmas event plans revealed for Welwyn Hatfield
- 4 Businesses to decide on future of Welwyn Garden City BID as renewal campaign gets underway
- 5 Councillor Steven Markiewicz dies from illness after 17 years of service
- 6 Rural land near Welwyn to go on sale next month
- 7 When do the clocks go back in 2021 and British Summer Time ends?
- 8 Log thrown through hairdressers' window in Knebworth
- 9 Charity golf day raises thousands for the Willow Foundation
- 10 Residents and councillors react to Lloyds Bank closure
The county council reported both breaches to the Information Commissioner’s Office.
Information Commissioner Christopher Graham ruled a �100,000 fine was appropriate, given the council’s procedures failed to stop two serious breaches taking place where access to the data could have caused substantial damage and distress.
After the first breach occurred, the council did not take sufficient steps to reduce the likelihood of another breach occurring.
Mr Graham: “It is difficult to imagine information more sensitive than that relating to a child sex abuse case.
“I am concerned at this breach – not least because the local authority allowed it to happen twice within two weeks.”
Employment services company A4e was also fined �60,000 for the loss of an unencrypted laptop which contained personal information relating to 24,000 people who had used community legal advice centres in Hull and Leicester.
Mr Graham added: “These first monetary penalties send a strong message to all organisations handling personal information.
“Get it wrong and you do substantial harm to individuals and the reputation of your business. You could also be fined up to half-a-million pounds.”