The UK data protection regulatory body, the The Information Commissioner's Office (ICO) has reportedly fined Surrey Country Council £120,000 under the Data Protection Act.
According to the ICO, the action was taken because of three serious breaches that had occurred in Surrey Country Council (SCC) last year.
As reports pointed out, the SCC emailed sensitive personal information belonging to hundreds of individuals to the incorrect party at least three times in the last year alone.
According to Christopher Graham, the Information Commissioner, UK, the action taken against SCC reflects the seriousness of the initial breach, which was repeated multiple times.
"The fact that the first breach saw sensitive personal information relating to the health and welfare of 241 vulnerable individuals was sent to the wrong people is shocking enough,” said Graham, Computing reports.
“But when you take into account the two similar breaches that followed, it is clear that Surrey County Council failed to fully address the risks of sending sensitive personal data by email until it was far too late," he added.
Once the Surrey City Council pays the fine, ICO will send the funds to the HM Treasury’s Fund.