Stoke-on-Trent City Council fined £120,000 over child protection e-mail
A monstrous £120,000 penalty has been slapped on the Stoke-On-Trent City Council by the Information Commissioner's Office (ICO) for an incident which amounted to "a serious breach" of the Data Protection Act (DPA) because a council solicitor sent e-mails about a child protection case to the wrong address.
With the solicitor having accidentally sent 11 emails - containing "highly sensitive" details about a number of children and two adults in the care of council - to the wrong person, the ICO said that the city council was being fined for its failure to provide encryption software to its legal department staff.
The most recent breach of the DPA took place on 14 December 2011, and was the second data breach for the Stoke-on-Trent City Council in the last couple of years. In an earlier breach, in 2010, the Council had lost sensitive information pertaining to a childcare case because the data was stored on an unencrypted memory stick.
Noting that the "significant penalty" had been slapped on the Council owing to its failure in adopting an apparently "simple and widely used security measure," Stephen Eckersley - Head of Enforcement at the ICO - said that proper encryption of data could have prevented the recent breach.