Yesterday, the ICO served Surrey County Council with a huge £120,000 fine for a serious breach of the Data Protection Act. The council had, on three separate occasions, emailed sensitive personal information to the wrong recipients. Notably, the information contained in these emails was neither encrypted nor password protected.
The first instance occurred on the 17th May last year when a member of the Adult’s Social Care Team emailed a file of 241 records to the wrong email address. The file contained sensitive health information, and because the file was not encrypted or password protected, it could potentially be viewed by a large number of unauthorised individuals.
The second instance occurred on the 22nd June 2010, when a second email, containing confidential personal data, was incorrectly sent to a group of recipients who had registered to receive a council newsletter.
The third incident happened on 21st January this year, when the Child Services department sent confidential information about an individual’s health to the wrong internal group email address. This led to sensitive data being circulated to individuals who should not have received it.
Commenting on the fine, the UK Information Commissioner said: “Any organisation handling sensitive information must have appropriate levels of security in place. Surrey County Council has paid the price for their failings and this case should act as a warning to others that lax data protection practices will not be tolerated.”
At IT Governance we take data protection seriously. Every organisation needs to ensure it is compliant with the Data Protection Act and, additionally, that its staff are aware of the role they play with regard to data protection.
Our ITG e-Learning Course – DPA Staff Awareness is a quick, affordable and effective means of delivering training to multiple learners.
Compliance with the Data Protection Act needn’t be a complex or costly process. At IT Governance we offer a range of products and services to assist your organisation in becoming DPA compliant. For under £100, our DPA Compliance Toolkit is a quick and easy solution to tackling your DPA issues.
We also have a free technical briefing paper to download here. It focuses on the best way to protect the content on your laptops and other mobile storage devices.
Take action today and take control of your data protection destiny. Failure to do so could incur a huge fine, brand damage and loss of business. Can you afford not to take this issue seriously?