Council fined £140k for leaking kids' sensitive info

The Information Commissioner's Office (ICO) has fined Midlothian council £140,000 for disclosing sensitive personal data about children and their carers to the wrong people on five separate occasions. The commissioner said that the five breaches, which took place between January and June 2011, were all serious. One of them …

COMMENTS

This topic is closed for new posts.
  1. ed2020
    Unhappy

    Council fined £140k for leaking kids' sensitive info.

    Or, to put it another way, "taxpayers fined £140k for council's leaking of kids' sensitive info"!

    1. Anonymous Coward
      Flame

      Or, more

      specifically, English tax payers!

      Seems we pay for everything else in Scotland.

      Flame on.

      1. Alfie
        Headmaster

        1/10 for effort

        You've not heard of the Barnett formula then?

        The Midlothian tax payers will pay for it, not the English. Back to school for you, sunny Jim!

      2. Anonymous Coward

        RE: Or, more

        "specifically, English tax payers!

        Seems we pay for everything else in Scotland."

        Except we're the ones with the North Sea oil and gas reserves, so think again laddie!

      3. Anonymous Coward

        @ cumz 1

        Your self-ejaculatory and completely off-topic comment is unworthy of a good flaming. So pathetic that it hardly deserves to be singed. Grow a pair.

  2. Anonymous Coward

    Fined by the ICO because...

    they were not a Commercial organisation.

    1. Anonymous Coward

      It is only recently that the ICO has had the authority to hand out fines for breaches in the DPA (since 2010). Since then it has fined 10 organisations, 2 of which were commercial.

      When you consider that very few commercial organisations hold information about individuals, and nearly every public body does, it is only to be expected that public bodies will be in breach more often than commercial organisations.

      Furthermore, public bodies are more likely to hold sensitive information about individuals (as in this case) than commercial ones. Asda, for example, does not even know the names of most of its customers. For some of them it will know their name and address and purchase history, but it will not know if they have been abused, are in foster care, their health status etc.

      1. Anonymous Coward

        @AC 11:02

        How then would you explain the ICO's complete lack of action in regards to BT and Phorm affecting tens of thousands of customers, not to mention BT's failure to properly secure information as required by a court order? Then we have the likes of Bluecoat and Talktalk following us around the internet. No action on that either.

        It's not just the press that's too difficult for the ICO to deal with - it's the whole commercial sector...

  3. James 100

    Not so fine

    Fine Tesco a million pounds, it hurts them, they'll make an effort to avoid it happening again - ultimately, that cuts into profits, which hits bonuses, raises; with a less profitable company it could even mean job losses, so as a punishment it obviously works.

    Fining a tax-funded outfit, though - what's the point? Ultimately, that just gets squeezed out of taxpayers' pockets one way or another - either council tax or other council charges will go up next year to pay it, or it'll be diverted away from something the taxpayers wanted, like car parks, road maintenance etc.

    For this, where "the organisation" has *broken the law* and needs to be punished, surely fining the individuals - the prat who sent information to the wrong people, the manager who is supposed to be in charge of that mess, maybe the councillors themselves - would work much better? At £28k per incident, I'm sure fining the social worker, their line manager and the head of department £2.8k each would make very sure they don't do it again. Company directors can be held personally liable if a company breaks the law, so why not councillors?

    1. Funkster

      Quite

      Alternatively, make the individuals responsible a) go and apologise in person to those affected and b) pay for and sort out any ill-effects caused by the information leak.

    2. H2Nick

      @James 100 Spot on!

      The post is required, and must contain letters.

  4. Drummer Boy
    WTF?

    Tax payers

    Come out even, as the fine is paid back to the tax payers.

    Until the ICO can force public bodies to sack people, fines are the only way to get their attention, unless anyone has a better idea?

  5. Derichleau
    FAIL

    What about commercial organisations?

    When is the Information Commissioner going to start handing out fines to companies? The other month The Register reported on how the ICO were asking companies to volunteer for audits: http://www.theregister.co.uk/2011/07/07/ico_annual_report/

    The thing is, most of those companies volunteering are likely to be keen on full compliance anyway so it's unlikely that there are going to be any major issues - you can bet that criminal organisations will not be volunteering. A far better strategy would be to audit those companies that people submit complaints about.

    I've reported 30+ abuses of my personal data to the ICO over the years and none of them were ever audited. There are so many examples: Most employment agencies need to be registered data controllers and many are committing a criminal offence by failing to notify. Why don't they audit employment agencies? Another example: The majority of financial services companies use civil law to automatically opt the data subject in to marketing. But these terms are often worthless because an organisation has to obtain consent prior to targeting a data subject with marketing and this statutory obligation cannot be negated with civil law. Nor can consent be obtained by using civil law. So why isn't the ICO auditing financial organisations? Better still, why aren't they working with the FSA to ensure that the banking code requires financial services companies to comply fully with data protection laws and regulations, bearing in mind that this sector is one of the worst offenders when it comes to the abuse of data subjects' rights. Another example: Some companies are opting to cancel accounts to avoid having to comply with the rights of the data subject. Why isn't the ICO ensuring that these companies are operating compliant systems and processes because if they were, then they wouldn't have to cancel accounts.

    It's disgraceful!

  6. Rampant Spaniel

    Couldn't agree more with the posts above, fiscal punishments against taxpayer funded organisations are nonsensical. Sack the people responsible and those at the top. C level staff are remunerated handsomely because of the responsibility, yet it never works out that way when something goes wrong!

  7. Just Thinking

    Does have some effect

    If our council was fined that amount for doing something stupid, I think there would be a lot of pissed off people, given the number of service cuts and increased charges we have just seen. So I don't think it is true to say that councils aren't affected at all by fines.

    In addition, it would become politically very difficult to bring in any more cuts after paying the fine. So the council would have to consider doing what we all want anyway - being a bit less wasteful.

    But rather than fining them, given that problems with training etc have been identified, why not force them to spend x amount on fixing the problems? It would still leave them with an embarrassing budget headache, but it would at least benefit local taxpayers.
