ICO breaks £1m milestone as two councils fined
The ICO hands out two hefty fines, meaning it has now enforced penalties amounting to greater than £1 million.
The Information Commissioner's Office (ICO) is clamping down hard on data breaches, as two more councils were today served with hefty fines.
Croydon Council was handed a 100,000 penalty after a bag containing papers relating to the care of a child sex abuse victim was stolen from a pub.
Norfolk County Council was hit with an 80,000 penalty for sending data about allegations against a parent and the welfare of their child to the wrong recipient.
One of the most basic rules when disclosing highly sensitive information is to check and then double check that it is going to the right recipient.
The two fines mean the ICO has now handed out over 1 million in fines since being given the license to hit organisations with up to 500,000 in data breach penalties in April 2010.
"We appreciate that people working in roles where they handle sensitive information will like all of us - sometimes have their bags stolen. However, this highly personal information needn't have been compromised at all if Croydon Council had appropriate security measures in place," said Stephen Eckersley, head of enforcement at the ICO.
"One of the most basic rules when disclosing highly sensitive information is to check and then double check that it is going to the right recipient. Norfolk County Council failed to have a system for this and also did not monitor whether staff had completed data protection training."
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
The news came just three days after the ICO slapped five separate local authorities on the wrist for breaching the Data Protection Act.
In late January, the ICO handed out its biggest fine ever as Midlothian Council was told to pay 140,000.
Only one private organisation has been hit with a fine, but private bodies are not yet required by law to disclose data breaches.
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.