The Information Commissioner’s Office (ICO) has fined Stoke-on-Trent City Council for not adhering to the Data Protection Act. The council sent a sensitive email to the wrong recipient, which contained information about a child protection legal case.
Had the information been sent as a secure email, there would not have been a problem, but because a solicitor from the legal team sent it unencrypted, the council received a fine of £120,000.
However, the ICO found that the council already had a process in place to make sure information was sent as a secure email, but they did not take the time to ensure all departments were trained and had the encryption software available to use.
The council have now put strict regulations in place and made sure all their staff are fully trained on the practice of sending secure emails. It is surprising that they did not act sooner, as in 2010 they had a similar incident with a removable storage device in which important data was lost.
It proves that the ICO are constantly checking businesses and fining any that are not following the Act. Make sure you are fully compliant as it really isn’t hard, and will save you a lot of time and money.