Councils fined for child sex case and welfare data breaches

USB stick
Image caption The Information Commissioner's Office (ICO) has so far handed out £1m in fines for data breaches.

Two councils have been fined a total of £180,000 for breaching data protection laws.

Croydon Council and Norfolk County Council "failed to keep highly sensitive information about the welfare of children secure", said a watchdog.

Papers containing details of a child sex abuse victim were stolen from a pub in the Croydon Council breach.

The Information Commissioner's Office (ICO) has so far handed out £1m in fines for breaches.

'Highly personal'

The ICO fined Croydon Council in south London £100,000 for its breach and Norfolk County Council was fined £80,000 for sending details about allegations against a parent and the welfare of their child to the wrong person.

Croydon Council said it was considering an appeal over the level of the fine, saying it believed it was "an excessive and unjustifiable amount".

Stephen Eckersley, the ICO's head of enforcement, said: "We appreciate that people working in roles where they handle sensitive information will - like all of us - sometimes have their bags stolen.

"However, this highly personal information needn't have been compromised at all if Croydon Council had appropriate security measures in place.

"One of the most basic rules when disclosing highly sensitive information is to check and then double check that it is going to the right recipient.

"Norfolk County Council failed to have a system for this and also did not monitor whether staff had completed data protection training."

Stolen bag

Mr Eckersley said he recognised both councils acted swiftly to inform the people involved and had since taken remedial action but it did not not excuse the fact vulnerable children and their families were put at risk.

The documents revealing information about the sexual abuse of a child and six other people connected to a court hearing were in an unlocked bag stolen from a social worker in a London pub in April last year, the ICO said.

It has never been recovered and, while data protection guidance was available, the watchdog said "it was not actively communicated to staff and the council had failed to monitor whether it had been read and understood".

A spokesman for Croydon Council said: "The council is perplexed and frustrated by the commissioner's general criticism of our data protection and information handling guidance, as many of our internal measures and policies appear to have been disregarded in reaching this judgment.

"The council also believes, having taken advice, that the level of fine is wholly disproportionate to the breach."

In Norfolk, a social worker inadvertently wrote the wrong address on a report and hand-delivered the information to the intended recipient's next-door neighbour in April last year.

The ICO said: "The report contained confidential and highly sensitive personal data about a child's emotional and physical well-being, together with other personal information."

More on this story

Related Internet links

The BBC is not responsible for the content of external Internet sites