UK: Plymouth City Council fined £60,000 for sending child neglect report to wrong person
I’m guessing that Plymouth City Council isn’t giving thanks today – the Information Commissioner’s Office smacked them with a fine of £60,000 for a data protection breach that occurred in November 2011 when the details of a child neglect case were sent to the wrong recipient. The breach occurred when two social workers used a shared printer to print reports on two families and one of them inadvertently scooped up and included the other social worker’s report in pages he mailed out to one family. From the ICO’s press release:
The report included highly sensitive personal information about two parents and four children, notably allegations of child neglect resulting in ongoing care proceedings.
An investigation by the ICO found that the council had no secure system in place for printing reports containing sensitive personal data, and had failed to take reasonable steps to ensure reports were checked before they were sent out.
Stephen Eckersley, Head of Enforcement at the ICO, said:
“It would be too easy to consider this a simple human error. The reality is that this incident happened because not enough care was being taken within the organisation when handling vulnerable people’s sensitive information.
“The distress this incident will have caused the people involved is obvious, and the penalty we have issued today reflects that.”