UK: £140,000 fine for Midlothian Council after sending child data to wrong people five times in as many months (updated)

A Scottish council has been fined £140,000 after repeatedly releasing sensitive information about vulnerable children and carers to the wrong people.

Midlothian Council was guilty of five data protection breaches in as many months last year.

It is the first local authority in Scotland to be fined by the Information Commissioner’s Office (ICO), which is calling for stronger auditing powers to detect other breaches.

Midlothian has apologised and said staff have been subject to disciplinary proceedings, but insisted no-one was put at risk.

Read more on Scotsman.com.   An announcement by the ICO’s office is not up on the ICO’s site yet, but expect to see a lot of media coverage of this one as it is now the single largest fine handed out by that office.  I note that none of the Midlothian breaches had been reported on this blog and were probably never in the media at the time last year.

Update:  Here’s the press release from the ICO and the monetary penalty notice (pdf).

About the author: Dissent