Liverpool City Council has been fined for data protection offences. The local authority has been fined £300 under the Data Protection Act (DPA) after the Information Commissioner's Office (ICO) brought a prosection.
The council failed to give a woman all the information she requested and was entitled to, then failed to comply with an information notice issued by ICO.
"The Data Protection Act gives us all important rights, including the opportunity to find out what information is held on us by an organisation," said Mick Gorrill, Head of the Regulatory Action Division at the ICO. "This right is the very cornerstone of the Act and that is why the legislation is so important."
The woman involved had used the DPA to request all the information held on her by the council, for which she used to work. Some information was provided, but she believed that some sensitive health information had been withheld.
She complained to the ICO, which investigated and contacted the council, which did not respond. It then issued an information notice to the council which also received no response.
Failure to comply with an information notice is a criminal offence. After a further warning, the ICO began a prosecution; the council pleaded guilty to the charge.
The judge in the case, which was heard at the Liverpool Magistrates' Court, said that there had clearly been an "appalling breakdown in communication" and "a clear lack of compliance" with the Act at the council.
The council said that it recognised that it had made mistakes and that it had introduced new systems to try and stop a similar incident happening in the future.
"Today’s successful prosecution serves as a very useful reminder to organisations that they must comply with subject access requests appropriately and that it is a criminal offence to ignore information notices served by the Information Commissioner," said the ICO's Gorrill.