NHS trust and local council hit back at ICO fines

The second breach involved the disclosure of foster care details for two young children to their mother. As a result, both children had to be moved to alternative accommodation.

Following an investigation by the ICO, the breaches were attributed to the settings used on a council child information system called Protocol.

While we accept the breaches occurred, we do not agree with the rationale behind the financial penalty that has been imposed.

Its findings showed that, in the first breach, Protocol contained insufficient information about the children involved and did not allow people to check documents before they were posted out.

The default settings of Protocol were blamed for the second breach, which automatically included foster carer's details in the children's placement information records. It is also claimed there was no process in place to check these records once they have been printed.

David Smith, the ICO's deputy commissioner and director of data protection, said: "These were two very similar data breaches which occurred within a short space of time, and both involved highly confidential and sensitive personal data.

"It is the responsibility of all organisations especially where children or other vulnerable people are involved to keep sensitive personal data secure," said Smith.

In statement to IT Pro, Telford and Wrekin Council said the fine should be reduced by 18,000 in recognition of how promptly it will be paid.

"While we accept the breaches occurred, we do not agree with the rationale behind the financial penalty that has been imposed," said the statement.

"We believe the fine goes against the ICO's own guidance, which states an organisation should not be fined when it has taken reasonable steps to prevent a breach, which we believe we have."

Caroline Donnelly is the news and analysis editor of IT Pro and its sister site Cloud Pro, and covers general news, as well as the storage, security, public sector, cloud and Microsoft beats. Caroline has been a member of the IT Pro/Cloud Pro team since March 2012, and has previously worked as a reporter at several B2B publications, including UK channel magazine CRN, and as features writer for local weekly newspaper, The Slough and Windsor Observer. She studied Medical Biochemistry at the University of Leicester and completed a Postgraduate Diploma in Magazine Journalism at PMA Training in 2006.