The Information Commissioner's Office (ICO) is clamping down hard on data breaches, as two more councils were today served with hefty fines.
Croydon Council was handed a 100,000 penalty after a bag containing papers relating to the care of a child sex abuse victim was stolen from a pub.
Norfolk County Council was hit with an 80,000 penalty for sending data about allegations against a parent and the welfare of their child to the wrong recipient.
One of the most basic rules when disclosing highly sensitive information is to check and then double check that it is going to the right recipient.
The two fines mean the ICO has now handed out over 1 million in fines since being given the license to hit organisations with up to 500,000 in data breach penalties in April 2010.
"We appreciate that people working in roles where they handle sensitive information will like all of us - sometimes have their bags stolen. However, this highly personal information needn't have been compromised at all if Croydon Council had appropriate security measures in place," said Stephen Eckersley, head of enforcement at the ICO.
"One of the most basic rules when disclosing highly sensitive information is to check and then double check that it is going to the right recipient. Norfolk County Council failed to have a system for this and also did not monitor whether staff had completed data protection training."
The news came just three days after the ICO slapped five separate local authorities on the wrist for breaching the Data Protection Act.
In late January, the ICO handed out its biggest fine ever as Midlothian Council was told to pay 140,000.
Only one private organisation has been hit with a fine, but private bodies are not yet required by law to disclose data breaches.
-
M&S suspends online sales as 'cyber incident' continuesNews Marks & Spencer (M&S) has informed customers that all online and app sales have been suspended as the high street retailer battles a ‘cyber incident’.
-
Manners cost nothing, unless you’re using ChatGPTOpinion Polite users are costing OpenAI millions of dollars each year – but Ps and Qs are a small dent in what ChatGPT could cost the planet
-
ICO admits it's too slow dealing with complaints – so it's eying up automation to cut staff workloadsNews The UK's data protection authority has apologized for being slow to respond to data protection complaints, saying it's been overwhelmed by increased workloads.
-
AI recruitment tools are still a privacy nightmare – here's how the ICO plans to crack down on misuseNews The ICO has issued guidance for recruiters and AI developers after finding that many are mishandling data
-
“You must do better”: Information Commissioner John Edwards calls on firms to beef up support for data breach victimsNews Companies need to treat victims with swift, practical action, according to the ICO
-
LinkedIn backtracks on AI training rules after user backlashNews UK-based LinkedIn users will now get the same protections as those elsewhere in Europe
-
UK's data protection watchdog deepens cooperation with National Crime AgencyNews The two bodies want to improve the support given to organizations experiencing cyber attacks and ransomware recovery
-
ICO slams Electoral Commission over security failuresNews The Electoral Commission has been reprimanded for poor security practices, including a failure to install security updates and weak password policies
-
Disgruntled ex-employees are using ‘weaponized’ data subject access requests to pester firmsNews Some disgruntled staff are using DSARs as a means to pressure former employers into a financial settlement
-
ICO reprimands Coventry school over repeated data protection failuresNews The ICO said the academy trust failed to follow previous guidance, which caused a serious data breach
