Misco Cookie Policy
We have published a new cookie policy. It explains what cookies are and how we use them on our website. To find out more about cookies, click here. By closing this message, you consent to our use of cookies on this website in accordance with our cookie policy. You can disable cookies, however please note that disabling deleting or disallowing cookies will affect your web experience.

Data Breach Leads To £120,000 Fine For Stoke-on-Trent City Council


Data Breach Leads To £120,000 Fine For Stoke-on-Trent City Council
Date: 29th October 2012

by Russell Dickinson

The Information Commissioner's Office (ICO), the UK body tasked with data protection, has levied a £120,000 fine on Stoke-on-Trent City Council after the authority was found guilty of a serious data breach. The ICO used the announcement to remind organisations the importance of encrypting confidential personal information.

According to the ICO, Stoke-on-Trent City Council has grievously breached the Data Protection Act, repeating a mistake for which it was chastised early in 2010. The previous incident involved the loss of sensitive information pertaining to a childcare case. At that time, the city council was found to have stored the data on an unencrypted memory stick. It agreed to take steps that would improve data security, among those being the introduction of encryption for portable storage devices.

The new transgression shows that the authority has yet to make good on its promise. The latest incident took place in December 2011 and involved dispatching 11 e-mails to the wrong recipient. The messages were sent by a solicitor working for the authority and the lack of encryption put extremely sensitive information into the wrong hands. The data had to do with a child protection case and the e-mails also contained information regarding the health of two adults and two other children, the ICO said. The e-mail address was found to be valid but the recipient did not respond to the request to delete the messages.

The ICO noted that Stoke-on-Trent City Council would have avoided this serious breach simply by encrypting the data. The substantial monetary penalty is its punishment for failing to implement a security measure that is easy to adopt and widely used, as well as negligence in tackling a problem already brought to light, the regulator added.

Share:

Join our mailing list

Featured IT News

IT News Archive

Tweeting Now