Stoke council fined £120k after child data breach
25 October 2012
Stoke-on-Trent City Council has been hit with a major fine after sensitive information on a child protection case was emailed to the wrong person, the Information Commissioner's Office has confirmed.
The ICO, which can fine up to £500,000 for serious breaches of the Data Protection Act, said the £120,000 fine issued to Stoke council reflected the fact it had not resolved issues after an earlier breach of a similar nature.
The latest breach happened in December 2011 when 11 emails were sent by a solicitor at the authority to the wrong address. The watchdog found that highly sensitive information on the care of a child was involved as well as further information on the health of two adults and two other children.
The authority's guidance, which was breached by the solicitor, had stated sensitive data needed to be encrypted or sent over a secure network.
But the council failed to provide the legal department with encryption software and knew that the team had to send emails to unsecure networks. A lack of data protection training was also identified by the ICO.
"If this data had been encrypted then the information would have stayed secure," said Stephen Eckersley, head of enforcement at the ICO.
"Instead, the authority has received a significant penalty for failing to adopt what is a simple and widely used security measure."
Eckersley added that it was "particularly worrying" that "similar concerns around encryption at the authority" were identified in a 2010 breach but were not "properly resolved".
After the earlier incident, in which sensitive data relating to 40 children in childcare was lost after being stored on an unencrypted memory stick, the council had committed to improving data security measures.
In a statement today Stoke council said it had recently taken "proactive extra measures" to ensure data breaches became "a thing of the past". Security steps taken included a secure remote access system, encryption of all portable devices, blocking of unencrypted or non-council USB devices, file encryption and a secure email portal.
"It was prudent after the Information Commissioner's Office notified us of our weaknesses that we acted immediately to improve the situation," said Steve Sankey, assistant director of business technology. "I am now confident that the right tools have been made available to make sure the information is as secure as it could be while enabling staff to work effectively."