How Cheshire East Council could have avoided £80K fine for just £45

The latest press release from the Information Commissioner’s Office (ICO), dated 15 February 2012, explains how Cheshire East Council has been ordered to pay a monetary penalty of £80,000 following a breach of the Data Protection Act (DPA) in May 2011.

You can read the full details of the breach on the ICO’s website. As a quick summary, here’s what happened:

A council employee was asked to contact the local voluntary sector co-ordinator to alert local voluntary workers to a police force’s concerns about an individual who was working in the area.

A series of blunders:

Failure 1 – the local voluntary sector co-ordinator didn’t have an appropriate email account. How had they been communicating prior to this data breach?

Failure 2 – the council employee who was asked to contact the co-ordinator hadn’t had sufficient DPA awareness training and, as a result, sent the email to the co-ordinator’s personal email account.

Failure 3 – the email, which contained the name and an alleged alias for the individual as well as information about the concerns the police had about him, was then forwarded by the co-ordinator to 100 intended recipients.

Failure 4 – the highly sensitive nature of the information contained in the email, and the need to restrict its circulation, wasn’t made clear to all recipients.

How this £80,000 fine could have been avoided for just £45:

The ICO have pointed out that Cheshire East Council failed to provide this particular employee with adequate data protection training. What are the chances that this employee is not alone?

All members of staff who are involved with processing personal information as part of their daily job should undergo DPA awareness training. For a maximum outlay of £45 per head, Cheshire East Council could have avoided this data breach and the £80,000 fine.

The IT Governance Data Protection Awareness e-Learning course can be used as part of an induction process for new employees and as part of a refresher programme for existing employees.

Having completed the 30-minute course, students can take a 20-question test. Students have the opportunity to re-take this test until the pass mark (75%) is achieved. An online Certificate of Achievement is issued to all students who pass the test, which is clear evidence of adequate DPA training.

Find out more about the Data Protection Awareness e-Learning course, and safeguard your organisation today!