The Information Commissioner’s Office (ICO) has slammed local authorities’ lax attitude towards protecting personal data, after another round of data cock-ups edged the total amount issued in fines this year towards £2m.
Leeds City Council was served a monetary penalty of £95,000, Plymouth City Council £60,000 and Devon County Council £90,000 after separate incidents saw details of child care cases sent to the wrong recipients, while the London Borough of Lewisham was issued a penalty of £70,000 after social work papers were left on a train.
The penalties mean that 19 local councils have now received fines for breaching the Data Protection Act, totalling £1,885,000.
Information Commissioner Christopher Graham (pictured) said: “We’re fast approaching £2m worth of monetary penalties issued to UK councils for breaching the Data Protection Act, with 19 councils failing to have the most straightforward of procedures in place
“It would be far too easy to consider these breaches as simple human error. The reality is that they are caused by councils treating sensitive personal data in the same routine way they would deal with more general correspondence. Far too often in these cases, the councils do not appear to have acknowledged that the data they are handling is about real people, and often the more vulnerable members of society.
“The distress that these incidents would have caused to the people involved is obvious. The penalties we have issued will be of little solace to them, but we do hope it will stop other people having to endure similar distress by sending out a clear message that this type of approach to personal data will not be tolerated.
“There is clearly an underlying problem with data protection in local government and we will be meeting with stakeholders from across the sector to discuss how we can support them in addressing these problems.”
The ICO is pressing the Ministry of Justice for stronger powers to audit local councils’ data protection compliance, if necessary without consent. The same powers are sought for NHS bodies across the UK following a series of data protection breaches in the health sector.
