Six fines issued for data breaches
Wednesday 25 April 2012
Six public bodies were fined over personal data security breaches
in the last year despite hundreds of reported cases, a report said
One of the biggest penalties went to Midlothian Council as it was fined £140,000 for sending details on children and their carers to the wrong people five times within 12 months.
Some 281 of the 730 reported breaches were a result of human error, with emails being sent by mistake and documents being sent to the wrong address, figures from the Information Commissioner's Office (ICO) showed.
A further 170 were due to data or hardware being stolen and another 108 were as a result of it being lost.
The figures, published by security firm ViaSat following a Freedom of Information Act request, also found 433 of the reported cases had yet to be decided.
Overall, staff in private firms appeared to be the worst offenders, accounting for more than a third (263) of reported breaches between between March 22 last year and February 17.
Healthcare providers including the NHS were responsible for 178 reported breaches, while councils and other local government organisations reported 166.
But the ViaSat report said that of the 297 cases reported and resolved within the time period, just six resulted in fines.
These included Midlothian Council, where children's social service reports were sent to the wrong recipients between January and June last year, causing "serious upset" to children's families.
The ICO's investigation found that all five breaches could have been avoided if the council had put adequate data protection policies, training and checks in place.
The council said at the time there was no evidence anyone had been put at risk and it "immediately took steps to retrieve the information, or have it destroyed, and voluntarily reported ourselves to the Information Commissioner".
No private firms or healthcare providers were fined.
A further 32 reports led to undertakings being signed and 259 resulted in neither fines nor undertakings.
Chris McIntosh, of ViaSat, said: "It is wholly disconcerting that those data breaches which should be easily avoidable are now the most commonplace.
"While the message on data protection may be getting through to the heads of organisations, there is no point in having these measures in place if workers don't follow them."
An ICO spokesman said: "Civil monetary penalties (CMPs) are part of a range of options that we use to protect the privacy rights of individuals, and ensure that organisations comply with the Data Protection Act (DPA).
"We can only issue CMPs where strict criteria are met - where the breach has caused substantial damage or distress to individuals or has the potential to do so, and in instances where the organisation was, or should have been, aware of the risk of a breach and failed to take reasonable steps to prevent it.
"We will always consider a CMP whenever these criteria are met, regardless of the sector the organisation falls into."
He went on: "Effective regulation is about getting the best result in the public interest.
"There are several types of enforcement action we can take, all of which help drive compliance with the DPA. The course we choose will always depend on the circumstances of the individual case."
Board creates magnetic field to achieve lift
Follow the latest events from this Champions League fixture
Like Madonna, Sister Cristina Scuccia's video is also set in Venice
Singer says the track was 'force-fed down people's throats'
techThe original free dating app will remain the same, developers say
Endangered species spotted in a creek in the Qinling mountains
- 1 Jack the Ripper: Scientist who claims to have identified notorious killer has 'made serious DNA error'
- 2 Banksy arrest hoax: Internet duped by fake online report claiming artist's identity has been revealed
- 3 Drink alcohol and eat meat to improve male fertility - but cut down on coffee, studies suggest
- 4 Former East 17 frontman Brian Harvey turns up at Downing Street and 'demands to speak to Prime Minister'
- 5 The inventor of the Facebook 'like' button says he never made a 'dislike' button because he feared the 'unfortunate consequences'
Ukraine crisis: Donetsk 'tactical missile' explosion at factory sends blast wave across rebel-held city
Jack the Ripper: Scientist who claims to have identified notorious killer has 'made serious DNA error'
Oscar de la Renta dead: Legendary US fashion designer dies after long cancer battle aged 82
Banksy arrest hoax: Internet duped by fake online report claiming artist's identity has been revealed
Super-sized ships arrive in Britain: How big can they get?
Cameron is warned 'no possibility' of UK reducing immigration and that bid to bring in quota on migrant workers would be illegal
Residents should throw a street party and mix with immigrant neighbours, councils told
Russell Brand threatened with arrest after filming outside Fox News headquarters
London bus driver 'kicks gay couple off for kissing'
Lord Freud: Tory welfare minister apologises after saying disabled people are 'not worth’ the minimum wage
Lord Freud hangs on as MPs of all parties 'call for his head' over disability comments
£60000 - £70000 Per Annum plus excellent benefits: Clearwater People Solutions...
£100 - £140 per day + Flexible with benefits: Randstad Education Group: Key St...
£100 - £160 per day: Randstad Education Leeds: This good to outstanding school...
£25000 - £35000 Per Annum plus excellent benefits: Clearwater People Solutions...