ICO issues record fine of £130,000

The Information Commissioner's Office has fined Powys County Council £130,000 for a serious breach of the Data Protection Act. While the upper limit is £500,000, this is the highest fine issued so far. In this case, details of a child protection case were sent to the wrong recipient.

The Council committed a breach also last year. After the breach, reported in June 2010, the ICO highlighted the need for mandatory DP training and better security measures. The ICO also warned the council that further action would be taken if a similar incident occurred again.

Assistant Commissioner for Wales, Anne Jones said:

“The distress that this incident would have caused to the individuals involved is obvious and made worse by the fact that the breach could have been prevented if Powys County Council had acted on our original recommendations.”

Speaking at a DP conference in Brussels on 6 December, ICO’s Deputy Commissioner David Smith said that monetary penalties are beginning to drive compliance, but damage to reputation has a bigger impact. However, will high penalties work for consumers, he wondered, as their trust in organisations’ handling of data may be decreased.

The ICO’s enforcement notice requires Powys County Council to train all staff by 31 March 2012.