More fines take total to nearly £2m, but it seems many councils are not getting the message
The Information Commissioner’s Office (ICO) has handed out fines totalling £300,000 to four different councils for a variety of data breaches.
The ICO also criticised local government agencies for continued poor attitudes to data protection as it revealed that it is closing in on £2m worth of fines handed out to UK councils.
The biggest fine in the recent round, £95,000, was handed out to Leeds City Council. A worker there reused an envelope that had been earmarked for external use when sending sensitive documents relating to a case in the internal mail. However the external address was not crossed out and the package was sent there. It was received by someone with no connections to the case.
The documents contained sensitive information relating to a child and revealed details on a criminal offence, school attendance and the child’s relationship with its mother.
Devon County Council was fined £90,000 after accidentally sending out an old report containing sensitive information. A worker there was using the old report as a template for a new report, but accidentally sent out the old one, which contained details 22 people, including details of alleged criminal offences and mental and physical health.
The London Borough of Lewisham was fined £70,000 after a member of staff took sensitive documents home to work on, but left them in a plastic bag on the train. They were subsequently recovered from the rail company’s lost property office.
The ICO also highlighted the recent incident at Plymouth County Council where a worker collected the wrong report from a printer and sent it out to a family not connected to the case, which centred on child neglect allegations. The council was fined £60,000 as a result.
Information Commissioner Christopher Graham slammed local councils for their attitude to personal data.
"It would be far too easy to consider these breaches as simple human error. The reality is that they are caused by councils treating sensitive personal data in the same routine way they would deal with more general correspondence," he said.
"Far too often in these cases, the councils do not appear to have acknowledged that the data they are handling is about real people, and often the more vulnerable members of society," his statement added.
Graham added that he hopes the fines handed out to council will mean they change their attitude to looking after personal data. He also indicated that the ICO will look to meet with councils soon to discuss data protection.
"There is clearly an underlying problem with data protection in local government and we will be meeting with stakeholders from across the sector to discuss how we can support them in addressing these problems," he said.
These latest fines mean the ICO has handed out nearly £2m worth of monetary penalties.