The Information Commissioner's Office (ICO) is clamping down hard on data breaches, as two more councils were today served with hefty fines.
Croydon Council was handed a 100,000 penalty after a bag containing papers relating to the care of a child sex abuse victim was stolen from a pub.
Norfolk County Council was hit with an 80,000 penalty for sending data about allegations against a parent and the welfare of their child to the wrong recipient.
One of the most basic rules when disclosing highly sensitive information is to check and then double check that it is going to the right recipient.
The two fines mean the ICO has now handed out over 1 million in fines since being given the license to hit organisations with up to 500,000 in data breach penalties in April 2010.
"We appreciate that people working in roles where they handle sensitive information will like all of us - sometimes have their bags stolen. However, this highly personal information needn't have been compromised at all if Croydon Council had appropriate security measures in place," said Stephen Eckersley, head of enforcement at the ICO.
"One of the most basic rules when disclosing highly sensitive information is to check and then double check that it is going to the right recipient. Norfolk County Council failed to have a system for this and also did not monitor whether staff had completed data protection training."
The news came just three days after the ICO slapped five separate local authorities on the wrist for breaching the Data Protection Act.
In late January, the ICO handed out its biggest fine ever as Midlothian Council was told to pay 140,000.
Only one private organisation has been hit with a fine, but private bodies are not yet required by law to disclose data breaches.
-
AI coding tools are booming – and developers in this one country are by far the most frequent usersNews AI coding tools are soaring in popularity worldwide, but developers in one particular country are among the most frequent users.
-
Cisco warns of critical flaw in Unified Communications Manager – so you better patch nowNews While the bug doesn't appear to have been exploited in the wild, Cisco customers are advised to move fast to apply a patch
-
Scania admits leak of data after extortion attemptNews Hacker stole 34,000 files from a third-party managed website, trucking company says
-
23andMe 'failed to take basic steps' to safeguard customer dataNews The ICO has strong criticism for the way the genetic testing company responded to a 2023 breach.
-
Cyber attacks have rocked UK retailers – here's how you can stay safeNews Following recent attacks on retailers, the NCSC urges other firms to make sure they don't fall victim too
-
ICO admits it's too slow dealing with complaints – so it's eying up automation to cut staff workloadsNews The UK's data protection authority has apologized for being slow to respond to data protection complaints, saying it's been overwhelmed by increased workloads.
-
AI recruitment tools are still a privacy nightmare – here's how the ICO plans to crack down on misuseNews The ICO has issued guidance for recruiters and AI developers after finding that many are mishandling data
-
“You must do better”: Information Commissioner John Edwards calls on firms to beef up support for data breach victimsNews Companies need to treat victims with swift, practical action, according to the ICO
-
LinkedIn backtracks on AI training rules after user backlashNews UK-based LinkedIn users will now get the same protections as those elsewhere in Europe
-
UK's data protection watchdog deepens cooperation with National Crime AgencyNews The two bodies want to improve the support given to organizations experiencing cyber attacks and ransomware recovery
