Information Commissioner's Office

Plymouth City Council fined £60,000 for sending child neglect report to wrong person

The Information Commissioner’s Office (ICO) yesterday served a monetary penalty of £60,000 to Plymouth City Council for a serious breach of the Data Protection Act where the details of a child neglect case were sent to the wrong recipient.

The report included highly sensitive personal information about two parents and four children, notably allegations of child neglect resulting in ongoing care proceedings.

An investigation by the ICO found that the council had no secure system in place for printing reports containing sensitive personal data, and had failed to take reasonable steps to ensure reports were checked before they were sent out.

Stephen Eckersley, Head of Enforcement at the ICO, said:

“It would be too easy to consider this a simple human error. The reality is that this incident happened because not enough care was being taken within the organisation when handling vulnerable people’s sensitive information.
 
“The distress this incident will have caused the people involved is obvious, and the penalty we have issued today reflects that.”

A copy of yesterday's monetary penalty is available here 

The monetary penalty is paid into the Treasury’s Consolidated Fund and is not kept by the Commissioner.  

View the ICO's recent monetary penalties 

If you need more information, please contact the ICO press office on 0303 123 9070 

Notes to Editors

1. The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
 
2. The ICO has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.

3. The ICO is on Twitter, Facebook and LinkedIn, and produces a monthly e-newsletter.
 
4. Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is:

  • Fairly and lawfully processed
  • Processed for limited purposes
  • Adequate, relevant and not excessive
  • Accurate and up to date
  • Not kept for longer than is necessary
  • Processed in line with your rights
  • Secure
  • Not transferred to other countries without adequate protection

5. Civil Monetary Penalties (CMPs) are subject to a right of appeal to the (First-tier Tribunal) General Regulatory Chamber against the imposition of the monetary penalty and/or the amount of the penalty specified in the monetary penalty notice.

6. Any monetary penalty is paid into the Treasury’s Consolidated Fund and is not kept by the Information Commissioner’s Office (ICO).
