data breach

ICO Slaps Stoke City Council With Hefty Data Breach Fine

Council gets massive fine after emails are sent to the wrong person,

On by Thomas Brewster 1

The Information Commissioner’s Office (ICO) has told Stoke-on-Trent City Council to cough up £120,000 after a “serious breach” of the Data Protection Act.

Sensitive information on a child protection legal case was emailed to the wrong person back in December 2011.

A solicitor at the authority sent 11 emails to the wrong address, accidentally handing over highly sensitive information relating to the care of a child and the health of two adults and two other children to the wrong party.

Data breach fine

The solicitor was in breach of the council’s own guidance, which advised sending data over a secure network or with encryption. But, according to the ICO, the council failed to provide the legal department with encryption software and knew the team had to send emails to unsecure networks, hence why the fine was so large.

“If this data had been encrypted then the information would have stayed secure. Instead, the authority has received a significant penalty for failing to adopt what is a simple and widely used security measure,” said Stephen Eckersley, head of enforcement at the ICO.

“It is particularly worrying that a breach in 2010 highlighted similar concerns around encryption at the authority, but the issue was not properly resolved.”

At the time of publication, the Stoke-on-Trent City Council had not said whether it would appeal the fine, but did note the extra protections it had subsequently introduced.

“The council has gone through a transformation in its approach to IT security as well as a number of proactive steps mentioned above,” said Councillor Olwen Hamer, cabinet member for transformation and resources.

“We have also implemented a full and detailed information security training programme which included issuing staff with the do’s and don’ts rules. We will be keeping a very watchful eye on our information security to help prevent future data breaches.”

The news came just days after an exclusive report from TechWeekEurope found O2 had received more complaints regarding alleged data breaches than any other organisation in the UK.

How well do you know Internet security? Try our quiz and find out!

Thomas Brewster
Author: Thomas Brewster
Security Correspondent, TechWeekEurope
Thomas Brewster Thomas Brewster Thomas Brewster

White Papers

Techweekeurope for mobile devices
Android-App Google Currents App for iOS

Last comment




One reply to ICO Slaps Stoke City Council With Hefty Data Breach Fine

  • On October 26, 2012 at 11:53 am by brian m

    The ICO just doesn’t get it – fining a council is like fining the victim of a crime. In this case it will be the long suffering Stoke rate payers who will have to pay the fine!

    Fines/penalties should be levied at the individuals responsible for the data breach. Here the IT department and the solicitor.

Leave a Reply

  • Required fields are marked *,
    Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>