Hertfordshire County Council fined for Data Protection Act breaches
HERTFORDSHIRE County Council has been fined �100,000 for two serious breaches of the Data Protection Act – including faxing details of a child sex abuse case to a member of the public.
The fine is one of the first two penalties issued by the Information Commissioner for breaching the act.
Both offences occurred on separate occasions in June this year, when employees in the council’s childcare litigation unit accidentally sent two faxes to the wrong recipients.
The first misdirected fax, containing highly-sensitive personal information about a child sex abuse case, was meant for barristers’ chambers – but was sent to a member of the public.
The council subsequently obtained a court injunction prohibiting any disclosure of the facts of the court case or circumstances of the data breach.
You may also want to watch:
The second misdirected fax, sent 13 days later, contained information relating to the care proceedings of three children, the previous convictions of two individuals, domestic violence records and care professionals’ opinions.
The fax, intended for Watford County Court, was mistakenly sent to barristers’ chambers unconnected with the case.
- 1 'Almost double the population' - Plans unveiled for two adjacent festivals at the same time
- 2 F9: Filming locations of Vin Diesel's new Fast & Furious 9 movie
- 3 Deal signed with construction firm for old Shredded Wheat factory
- 4 The latest court results for Welwyn Hatfield and Potters Bar
- 5 Aldi eyes new Hertfordshire store locations
- 6 100 homes approved at appeal for Green Belt land
- 7 Re-appeal launched after driver arrested and pedestrian hospitalised following crash
- 8 Frank Turner added to revised Slam Dunk Festival 2021 line-up set for Hatfield
- 9 'It means the world' - lucky Postcode Lottery winners scoop £180,000 prize
- 10 Woody & Kleiny release Euros single Route 66 with The Hoosiers for charity CALM
The county council reported both breaches to the Information Commissioner’s Office.
Information Commissioner Christopher Graham ruled a �100,000 fine was appropriate, given the council’s procedures failed to stop two serious breaches taking place where access to the data could have caused substantial damage and distress.
After the first breach occurred, the council did not take sufficient steps to reduce the likelihood of another breach occurring.
Mr Graham: “It is difficult to imagine information more sensitive than that relating to a child sex abuse case.
“I am concerned at this breach – not least because the local authority allowed it to happen twice within two weeks.”
Employment services company A4e was also fined �60,000 for the loss of an unencrypted laptop which contained personal information relating to 24,000 people who had used community legal advice centres in Hull and Leicester.
Mr Graham added: “These first monetary penalties send a strong message to all organisations handling personal information.
“Get it wrong and you do substantial harm to individuals and the reputation of your business. You could also be fined up to half-a-million pounds.”