The Information Commissioner’s Office has fined Powys County Council a record £130,000 for mishandling sensitive information involving a child protection case.
In February, the council accidentally sent details of an ongoing case to the wrong recipient. The ICO said it is thought that the sensitive pages were accidentally picked up from a shared printer and mailed out with unrelated information. The recipient knew the parent and child in question, and made a complaint to the council.
A similar breach had occurred in June 2010, after which the ICO recommended that Powys County Council introduce mandatory training and tighten its security. The ICO warned the council that action would be taken if a similar incident occurred again.
Anne Jones, the assistant information commissioner for Wales, said that this was the most serious case yet. "The distress that this incident would have caused to the individuals involved is obvious, and made worse by the fact that the breach could have been prevented if Powys County Council had acted on our original recommendations," she said, adding that the ICO had issued a legal demand for the council to improve its data handling.
The record fine comes as changes to the EU laws on data protection are being considered by the European Commission. The Financial Times reported that the updated data protection legislation could see European companies that breach data protection laws fined up to 5% of their annual revenues.