ICO Slaps Herts County Council With First Data Protection Fine

The Information Commissioners’ Office has fined a council £100,000 for accidentally faxing details of a child sex abuse case to the wrong recipients on two separate occassions.

The ICO found Hertfordshire to have committed a “serious breach” of the Data Protection act when it faxed details of ongoing cases to a member of the public in June, only to send details of care proceedings of three children to a barrister’s firm unconnected with the cases 13 days later.

Information commissioner Christopher Graham said: “It is difficult to imagine information more sensitive than that relating to a child sex abuse case."

"I am concerned at this breach – not least because the local authority allowed it to happen twice within two weeks," he added.

The ICO has also fined training firm A4e £60,000 for losing a laptop containing the unencrypted personal data of 24,000 of its clients in Hull and Leicester.

Both organisations have since apologised for the breaches, and Hertfordshire county council has assured that measure will be taken to ensure it wont happen again.

The fines follow the ICO being granted powers to enforce increased fines of up to £500,000 for serious breaches of the Data Protection Act in April.