THE UK INFORMATION COMMISSIONER'S OFFICE (ICO) has fined Plymouth City Council £60,000 after a handling mistake saw sensitive data about a family sent to another resident by mistake.
The problem occurred when a printer jam caused a member of staff to unintentionally pick up two reports that had been printed, after another staff member had given up waiting for their report to print, and include them both in an envelope sent to the recipient.
When that resident received the report and realised the error, they contacted the council. They also contacted the family affected via a social networking website, the ICO noted, telling them what had happened.
A subsequent audit of the council's working practices found that the incident was a result of a failure to "incorporate an adequate level of checks in order to ensure the documents were being sent to the correct recipient".
A review of the printer in use at the council in the wake of the incident also led to the revelation that over a 15-minute period one of the printers in the Children's Services department was in constant use by up to five members of staff, during which time it jammed on six occasions.
As such the ICO said it was clear that the issues were not solely down to human error and warned that "unless steps were taken to rectify this, a similar incident could happen again".
As a result the ICO thought it was justified in issuing the fine. "It would be too easy to consider this a simple human error. The reality is that this incident happened because not enough care was being taken within the organisation when handling vulnerable people's sensitive information," said ICO head of enforcement Stephen Eckersley.
"The distress this incident will have caused the people involved is obvious, and the penalty we have issued today reflects that."
A spokeswoman for Plymouth City Council said that all of the sensitive information involved had been recovered and destroyed, and that new checks had been put in place to prevent such an incident from happening again.
"[These] include secure PIN printing so that reports are only printed when staff activate the printer with their code, which reduces the risk of papers being mixed up," she said. "Extra checks before sensitive documents are dispatched from the office are also being devised."
The fine is just the latest in a long series of fines levied against the public sector by the ICO, which our sister IT news website V3 revealed earlier this month had passed the £2m mark since April 2010. µ
Plus, it's goodbye to Device Assist
Vulnerabilities in the iOS sandbox thankfully found by the good guys
Data watchdog will make sure firm is being fully transparent about the controversial move
Chinese firm reportedly forces staff to do 82 hours of overtime a month