Stoke council fined over child protection e-mail

A city council has been fined £120,000 after a solicitor sent e-mails about a child protection case to the wrong person.

The Information Commissioner's Office (ICO) called the incident "a serious breach" of the Data Protection Act.

Stoke-on-Trent City Council had also failed to provide staff with encryption software, a spokesman said.

The council said it has implemented new security measures that will help to prevent future breaches.

Stephen Eckersley, from the ICO, said: "It is particularly worrying that a breach in 2010 highlighted similar concerns around encryption at the authority, but the issue was not properly resolved."

The latest breach happened on 14 December 2011 when 11 emails were sent by a solicitor at the authority to the wrong address.

The ICO's investigation found the solicitor was in breach of the council's own guidelines, but said the council had failed to provide the legal department with encryption software and had provided "no relevant training".

In a case in 2010 involving the council, sensitive data relating to a childcare case was lost after being stored on an unencrypted memory stick, the ICO said.

The council has said it changed its security systems to "reassure its residents their personal information is safe".

Under the Data Protection Act, the ICO can impose fines of up to £500,000, with the money going to the Treasury's Consolidated Fund.