ICO hands out yet more fines to local authorities

The Information Commissioner’s Office (ICO) has continued its recent pattern of coming down hard on local councils that fail to keep data secure.

In recent weeks four local authorities have been served with monetary penalties for information security failings, a spell which has led the ICO to criticise the attitude these organisations have towards protecting sensitive and personal data that they own.

Leeds City Council was given a monetary penalty of £95,000, Plymouth City Council £60,000 and Devon County Council £90,000 after three separate incidents saw details of ongoing child care cases sent to the wrong recipient.

The London Borough of Lewisham was issued a penalty of £70,000 after social work papers were left on a train.

These latest penalties now mean that 19 local authorities have picked up fines for breaching the Data Protection Act, which has resulted in a total of £1,885,000 being paid to the ICO.

Information commissioner Christopher Graham said that as the total of fines is nearing the £2 million mark and councils are continuing to fail to implement basic security measures it is time to act and support the organisations that are failing to meet the requirements.

“Far too often in these cases, the councils do not appear to have acknowledged that the data they are handling is about real people, and often the more vulnerable members of society.

“The distress that these incidents would have caused to the people involved is obvious. The penalties we have issued will be of little solace to them, but we do hope it will stop other people having to endure similar distress by sending out a clear message that this type of approach to personal data will not be tolerated,” he concluded.

The ICO is so infuriated by the poor attitude shown towards the protection of sensitive information that is has decided to press the Ministry of Justice for greater powers to audit the data security measures in place at local authorities.

Should these powers be granted, it would enable the organisation to monitor data protection compliance, if necessary without consent, in order to beef up the measures implemented by councils around the UK.