View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
February 15, 2012

ICO keeps the financial penalties coming with another council fine

Cheshire East Council fined following email blunder

By Vinod

The Information Commissioner’s Office is on a roll: after fining two councils last week for breaching the Data Protection Act (DPA) it has now handed out another financial penalty.

Cheshire East Council has been fined £80,000 for, "failing to take appropriate measures to ensure the security and appropriateness of disclosure when emailing personal information," the ICO report said.

The incident, which the ICO described as a "serious" breach of the DPA, occurred in May 2011 when a worker at the council was asked to email the local voluntary sector co-ordinator over police concerns about an individual working in the area.

The worker was instructed to use a secure email system to send the alert but the co-ordinator did not have access to it so it was sent via a personal email account to ensure it was received.

The email was then forwarded by the co-ordinator to 100 intended recipients. According to the ICO the wording in the email was ambiguous and many recipients thought they too had to send it on to other volunteer workers. This resulted in 180 unintended recipients receiving the email.

Contents of the email included the name of the individual and an alleged alias he used.

Once the mistakes was realised the council attempted to recall the message and 57% of recipients subsequently deleted the email.

Content from our partners
Infosecurity Europe 2024: Rethink the power of infosecurity
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond

"While we appreciate that it is vitally important for genuine concerns about individuals working in the voluntary sector to be circulated to relevant parties, a robust system must be put in place to ensure that information is appropriately managed and carefully disclosed," said Stephen Eckersley, Head of Enforcement.

"Cheshire East Council also failed to provide this particular employee with adequate data protection training. The highly sensitive nature of the information and the need to restrict its circulation should have been made clear to all recipients," he added.

The news follows last week’s announcement that fines totalling £180,000 were handed down to Croydon Council and Norfolk County Council for failing to keep highly sensitive information secure.

Eckersley said that the recent cases should act as a wake-up call to public sector bodies. "I hope this case – along with the fact that we’ve handed out over one million pounds worth of penalties since our powers came into force – acts as a strong incentive for other councils to ensure that they have sufficient measures in place around protecting personal data," he said.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.