View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Software
December 18, 2012

ICO slams local government attitude to data protection

More fines take total to nearly £2m, but it seems many councils are not getting the message

By Steve Evans

The Information Commissioner’s Office (ICO) has handed out fines totalling £300,000 to four different councils for a variety of data breaches.

The ICO also criticised local government agencies for continued poor attitudes to data protection as it revealed that it is closing in on £2m worth of fines handed out to UK councils.

The biggest fine in the recent round, £95,000, was handed out to Leeds City Council. A worker there reused an envelope that had been earmarked for external use when sending sensitive documents relating to a case in the internal mail. However the external address was not crossed out and the package was sent there. It was received by someone with no connections to the case.

The documents contained sensitive information relating to a child and revealed details on a criminal offence, school attendance and the child’s relationship with its mother.

Devon County Council was fined £90,000 after accidentally sending out an old report containing sensitive information. A worker there was using the old report as a template for a new report, but accidentally sent out the old one, which contained details 22 people, including details of alleged criminal offences and mental and physical health.

The London Borough of Lewisham was fined £70,000 after a member of staff took sensitive documents home to work on, but left them in a plastic bag on the train. They were subsequently recovered from the rail company’s lost property office.

The ICO also highlighted the recent incident at Plymouth County Council where a worker collected the wrong report from a printer and sent it out to a family not connected to the case, which centred on child neglect allegations. The council was fined £60,000 as a result.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

Information Commissioner Christopher Graham slammed local councils for their attitude to personal data.

"It would be far too easy to consider these breaches as simple human error. The reality is that they are caused by councils treating sensitive personal data in the same routine way they would deal with more general correspondence," he said.

"Far too often in these cases, the councils do not appear to have acknowledged that the data they are handling is about real people, and often the more vulnerable members of society," his statement added.

Graham added that he hopes the fines handed out to council will mean they change their attitude to looking after personal data. He also indicated that the ICO will look to meet with councils soon to discuss data protection.

"There is clearly an underlying problem with data protection in local government and we will be meeting with stakeholders from across the sector to discuss how we can support them in addressing these problems," he said.

These latest fines mean the ICO has handed out nearly £2m worth of monetary penalties.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.