toke-on-Trent City Council fined £120,000 over email blunder

Stoke-on-Trent City Council has been fined £120,000 for sending emails about a child protection case to the wrong person.

Eleven emails with sensitive information about the care of a child and the health of two other children and two adults, were sent by a solicitor at the authority to the wrong person.

The emails were intended for counsel instructed on the case.

An investigation by the Information Commissioner’s Office (ICO) uncovered a ‘serious breach’ of the Data Protection Act after they were sent in December 2011.

The ICO found the council was failing to follow its own guidance by not providing encryption software and the relevant staff training to ensure data remained protected.

Stephen Eckersley, head of enforcement at ICO, said: “If this data had been encrypted then the information would have stayed secure.

“Instead, the authority has received a significant penalty for failing to adopt what is a simple and widely used security measure.”

The council says it has now improved security of information sent electronically, as well as signing a legal notice to improve the data protection training for staff.

Cllr Olwen Hamer, cabinet member for transformation and resources, said: “Residents expect us to handle their information with great care, protecting them from any harm from the inappropriate release of the information into the public domain.

“We will be keeping a very watchful eye on our information security to help prevent future data breaches.”

Steve Sankey, the council’s assistant director of business technology, added: “I am now confident the right tools have been made available to make sure the information is as secure as it could be while enabling staff to work effectively.”

It’s not the first data blunder from Stoke-on-Trent City Council. In 2010, an unencrypted memory stick containing social services information concerning 40 children was found in a public street.