ICO slaps £60k fine on Plymouth Council over printing gaffe
Child protection information sent to the wrong person
The Information Commissioner's Office (ICO) has fined Plymouth City Council 60,000 for a serious breach of the Data Protection Act.
The penalty follows after it was found that an employee of the council printed out and information about a family in the area to another resident by mistake. The pages contained details of allegations of child neglect resulting in ongoing care proceedings.
The council worker collected three pages of sensitive information from a printer alongside another document by accident. Those pages contained information about two adults and their four children, these were then sent to the wrong person by a social worker.
"It would be too easy to consider this a simple human error. The reality is that this incident happened because not enough care was being taken within the organisation when handling vulnerable people's sensitive information," said Stephen Eckersley, head of enforcement at the Information Commissioner's Office (ICO).
"The distress this incident will have caused the people involved is obvious, and the penalty we have issued today reflects that."
A spokeswoman for Plymouth City Council said that the council has now made changes to its printing processes following the incident
"In line with guidance, the incident was reported to the Information Commissioner's Office. The three pages were quickly recovered and destroyed, both clients were spoken with about the incident and our sincerest apologies were offered.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
"Practical steps to prevent a similar situation happening again were taken including secure pin printing so that reports are only printed when staff activate the printer with their code, which reduces the risk of papers being mixed up.
Last week, the ICO issued a code of practice on anonymising personal data.
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.