Fines have been issued to Croydon Council and Norfolk County Council by the Information Commissioner's Office (ICO).
Croydon Council was handed a penalty of £100,000 after a bag containing papers relating to the care of a child sex-abuse victim was stolen from a London pub.
The unlocked bag belonged to a social worker who was taking the papers home, and the papers included information regarding the sexual abuse of a child and six other people connected to a court hearing. The bag and its contents have never been recovered.
Norfolk County Council was served with an £80,000 penalty after a social worker inadvertently wrote the wrong address on a report and hand-delivered it to the intended recipient's neighbour. The report contained confidential and highly sensitive personal data about a child's emotional and physical state, as well as other personal information.
Stephen Eckersley, head of enforcement at the ICO, said: “We appreciate that people working in roles where they handle sensitive information will, like anyone, sometimes have their bags stolen. However, this highly personal information need not have been compromised in any respect if Croydon Council had had appropriate security features in place.
“One of the most basic rules when disclosing highly sensitive information is to check and then double-check that it is going to the right recipient. Norfolk County Council did not have a system for this and in addition didn't monitor whether staff had completed data-protection training.
“While both councils acted swiftly to tell the people involved and have since taken remedial action, this doesn't excuse the fact that vulnerable children and their families should never have been put in this situation.”
Tony Pepper, CEO of Egress Software, said: “If you seriously look into the overpowering surge in ICO fines during the last few weeks, there's a clear pattern starting to emerge: namely, sensitive information being accidentally sent to the incorrect recipient(s), leading to a significant breach of the Data Protection Act.
“More importantly, this is not a brand new problem; it's invariably been happening for years, only this time the ICO has the ability to hit organisations where it hurts. Additionally, end-user training or generic security awareness won't ever address this endemic problem (affecting any organisation that shares confidential data with third parties) because the sender is blissfully unaware that a breach has taken place, at which point it's already too late.
“That's why our client base take proactive measures to circumvent these fines by implementing technology that gives end-to-end Information Assurance. This way, information sent to the incorrect recipient is often protected by ‘follow the data’ security and may be revoked at will, regardless of how the info was sent.”