Fines totaling over £300 000 ($486,000 / 369,000 EUR) have been given out by the UK’s Information Commissioner’s Office to four local councils responsible for losing personal data.
As such, the London Borough of Lewisham must pay £70,000 ($113,000 / 86,000 EUR) for leaving social work papers in a plastic shopping bag on a train. Luckily, the documents were later recovered from the rail company’s lost property office.
For sending the details of child care cases to wrong recipients, the Leeds City Council will pay £95,000 ($153,000 / 117,000 EUR), Plymouth City Council £60,000 ($97,000 / 73,000 EUR), and the Devon County Council the sum of £90,000 ($145,000 / 110,000 EUR).
So far, local councils that breached the Data Protection Act have been served monetary penalties totaling £1,885,000 ($3 million / 2.3 million EUR).
Currently, the ICO is trying to convince the Ministry of Justice to grant it stronger powers to audit local councils’ data protection compliance.
“We are fast approaching two million pounds worth of monetary penalties issued to UK councils for breaching the Data Protection Act, with nineteen councils failing to have the most straightforward of procedures in place. It would be far too easy to consider these breaches as simple human error,” Information Commissioner Christopher Graham said.
“The reality is that they are caused by councils treating sensitive personal data in the same routine way they would deal with more general correspondence. Far too often in these cases, the councils do not appear to have acknowledged that the data they are handling is about real people, and often the more vulnerable members of society,” he added.
“The distress that these incidents would have caused to the people involved is obvious. The penalties we have issued will be of little solace to them, but we do hope it will stop other people having to endure similar distress by sending out a clear message that this type of approach to personal data will not be tolerated.”