This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Fresh ICO fines against councils

Share this article:

Fines have been issued to Croydon Council and Norfolk County Council by the Information Commissioner's Office (ICO).

Croydon Council has been handed a penalty of £100,000 after a bag containing papers relating to the care of a child sex-abuse victim was stolen from a London pub.

The unlocked bag belonged to a social worker who was taking the papers home, and the data included information about the sexual abuse of a child and six other people connected to a court hearing. The bag and its contents have never been recovered.

Norfolk County Council has been served with an £80,000 penalty after a social worker inadvertently wrote the wrong address on a report and hand-delivered it to the intended recipient's neighbour. The report contained confidential and highly sensitive personal data about a child's emotional and physical state, together with other personal information.

Stephen Eckersley, head of enforcement at the ICO, said: “We appreciate that people working in roles where they handle sensitive information will – like all of us – sometimes have their bags stolen. However, this highly personal information needn't have been compromised at all if Croydon Council had appropriate security measures in place.

“One of the most basic rules when disclosing highly sensitive information is to check and then double-check that it is going to the right recipient. Norfolk County Council failed to have a system for this and also did not monitor whether staff had completed data-protection training.

“While both councils acted swiftly to inform the people involved and have since taken remedial action, this does not excuse the fact that vulnerable children and their families should never have been put in this situation.”

Tony Pepper, CEO of Egress Software, said: “If you look at the overwhelming surge in ICO fines over the last few weeks there is a clear pattern beginning to emerge; namely sensitive information being accidentally sent to the wrong recipient(s), resulting in a serious breach of the Data Protection Act.

“More importantly, this isn't a new problem; it's invariably been happening for years only this time the ICO has the power to hit organisations where it hurts. Additionally, end-user training or generic security awareness will never address this endemic problem (affecting any organisation that shares confidential data with third parties) as the sender is blissfully unaware that a breach has taken place, at which point it's already too late.

“That's why our client-base take pro-active measures to avoid these fines by implementing technology that provides end-to-end Information Assurance. This way, information sent to the wrong recipient is always protected by ‘follow the data' security and can be revoked at will, regardless how the information was sent.”

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

NCA/FBI/Europol launch global cyber crime-busters, J-CAT

NCA/FBI/Europol launch global cyber crime-busters, J-CAT

The UK's National Crime Agency (NCA) has joined forces with the FBI and Europol to launch a new global crime fighting team, led by the NCA's Andy Archibald.

NATO members to get cyber war protection

NATO members to get cyber war protection

Nato cyber defence policy to declare that a cyber attack on any one member country is an attack on them all.