E-Mail Error Results in £120,000 Fine

ICO: City Council Neglected Its Own Guidance
E-Mail Error Results in £120,000 Fine

The UK Information Commissioner's Office has fined the Stoke-on-Trent City Council £120,000 after sensitive information about a child protection legal case was e-mailed to the wrong person.

See Also: Live Webinar | Unlocking CIAM - the secret to balancing frictionless registration and high data integrity

The council is a local government entity that oversees the city of Stoke-on-Trent located in Staffordshire, England. The fine is for a violation of the UK Data Protection Act.

The breach occurred on Dec. 14, 2011, when 11 e-mails were sent by the council to the wrong address, according to an ICO statement. The e-mails contained sensitive information relating to the care of a child and further information about the health of two adults and two other children.

The ICO said the e-mails should have been sent to counsel who were working on the child protection case.

The incorrect recipient of the e-mail hasn't responded when asked by the council to delete the e-mails, according to the ICO.

"If this data had been encrypted then the information would have stayed secure," says Stephen Eckersley, head of enforcement at the ICO.

Based on an investigation by the ICO, the council apparently didn't follow its own guidance, which stated that sensitive data should be sent over a secure network or be encrypted. "However, the council had failed to provide the legal department with encryption software and knew that the team had to send e-mails to unsecure networks," the ICO's statement said. "The council also provided no relevant training."

Eckersley said the council has introduced new measures to improve the security of information sent electronically, as well as the data protection training provided to their staff.

"This should limit the chances of further personal information being lost," he says.

View the monetary penalty notice.

About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.co.uk, you agree to our use of cookies.