NHS trust and local council hit back at ICO fines
Public sector organisations dispute cases that netted the data protection watchdog £415,000.
The second breach involved the disclosure of foster care details for two young children to their mother. As a result, both children had to be moved to alternative accommodation.
Following an investigation by the ICO, the breaches were attributed to the settings used on a council child information system called Protocol.
Its findings showed that, in the first breach, Protocol contained insufficient information about the children involved and did not allow people to check documents before they were posted out.
The default settings of Protocol, which automatically included foster carers' details in the children's placement information records, were blamed for the second breach. It is also claimed there was no process in place to check these records once they had been printed.
David Smith, the ICO's deputy commissioner and director of data protection, said: "These were two very similar data breaches which occurred within a short space of time, and both involved highly confidential and sensitive personal data.
"It is the responsibility of all organisations, especially where children or other vulnerable people are involved, to keep sensitive personal data secure," said Smith.
In a statement to IT Pro, Telford and Wrekin Council said the fine should be reduced by £18,000 in recognition of how promptly it will be paid.
"While we accept the breaches occurred, we do not agree with the rationale behind the financial penalty that has been imposed," said the statement.
"We believe the fine goes against the ICO's own guidance, which states an organisation should not be fined when it has taken reasonable steps to prevent a breach, which we believe we have."

