Sensitive data sent to 'wrong address' by Stoke-on-Trent City Council
A CASH-STRAPPED council has been hit with a £120,000 fine after a data breach saw sensitive emails on child protection emailed to the wrong person.
The Information Commissioner's Office (ICO) has ordered Stoke-on-Trent City Council to pay the fine after the authority admitted a serious breach of the data protection act.
A city council solicitor sent 11 emails containing 'highly sensitive' information related to the care of a child to the wrong email address.
The emails, which should have been sent to a barrister working for the council on a child protection case, also included private information about the health of two adults and two other children.
8kg 1400 spin A+++ rated washer
with a full 6 year warranty - yes SIX years
delivered FAST & FREE
was OVER £600 - For a limited time ONLY £449.90
Amazing value!!!
Terms:
8kg 1400 spin A+++ rated washer
with a full 6 year warranty - yes SIX years
delivered FAST & FREE
was OVER £600 - For a limited time ONLY £449.90
Amazing value!!!
Contact: 01782 342609
Valid until: Saturday, June 01 2013
An investigation by the national data watchdog found the solicitor breached the council's own rules, which require sensitive information to be encrypted (protected by a password).
But it also found the authority had failed to provide the legal team with encryption software, provided no relevant training and was fully aware emails were being sent without security.
The ICO said it took into account a 2010 formal agreement signed by the authority to improve its data protection after information on a childcare case was lost after being stored on a memory stick, which also had no password protection.
And the council has been unable to find out if the emails have been forwarded to other people by the accidental recipient.
It comes as the authority attempts to make cuts of £24 million in 2012/13 and prepares for a further £50 million savings over the next two years.
In a damning report on the December 2011 blunder, the ICO said: "The council was aware that employees in the legal team regularly sent such emails in contravention of these policies, yet it took no action to prevent this or to train employees in the correct procedures."
Stephen Eckersley, head of enforcement at the ICO, said: "If this data had been encrypted the information would have stayed secure. Instead the authority has received a significant penalty for failing to adopt a simple and widely used measure.
"It is particularly worrying that a breach in 2010 highlighted similar concerns around encryption."
The ICO said the council had now signed a further legal agreement to improve data protection and training provided to staff.
The council said it had now introduced a range of new security measures.
Steve Sankey, the council's assistant director of business technology, said: "We have implemented a lot of new procedures and security measures that will help to prevent future breaches.
"It was prudent after the ICO notified us of our weaknesses that we acted immediately. I'm now confident the right tools are available to make sure the information is as secure as it could be."
Comments
by Anon_mow_cop
Friday, October 26 2012, 1:36PM
“You can buy secure encription usb memory sticks off Ebay for a few quid, or there is free software on the internet as well, and this load of muppets couldn't think to do that.”
by warren-lloyd
Friday, October 26 2012, 11:34AM
“Has anyone been sacked for this.”
by muzzer57
Friday, October 26 2012, 10:52AM
“How much are these clowns on a year? unbelievable!”