Worcestershire County Council has been fined £80,000 for sending highly sensitive personal information to the wrong people.
The penalty was handed out after an incident in March this year, when a member of staff sent personal information about a large number of vulnerable people to 23 unintended recipients.
All of the unintended recipients worked for registered organisations used to operating within the council’s protocols about handling sensitive data.
Enquiries by the Information Commissioners Office (ICO) found that the council had failed to take appropriate measures to guard against the unauthorised processing of personal data – such as providing employees with appropriate training and clearly distinguishing between internal and external e-mail distribution lists.
The council had also failed to properly consider an alternative means of handling the information.
The employee immediately realised their error and attempted to contact all of the unintended recipients to make sure that the information was deleted.
Information commissioner Christopher Graham said the incident was of great concern and he hoped the penalty sent a clear message to the council.
“Personal information in cases involving vulnerable people is about the most sensitive personal information imaginable,” he said.
“It was fortunate that the e-mail recipients worked in a similar sector and so were used to handling sensitive information.
"This mitigating factor has been taken into account.
"People who handle highly sensitive personal information need to understand the weight of responsibility that comes with keeping it secure.”
A spokesman for Worcestershire County Council said: "The county council accepts the findings of the Information Commissioner's Office and welcomes that the notice recognises immediate action was taken to mitigate potential damage caused by the error.
"We are a large, people-based organisation and this means sometimes - through human error - mistakes are made.
“It is particularly regrettable that on this occasion the breach related to vulnerable people and we are very sorry.
“It is important that on the occasions when we do fall below standards, improvements are made to minimise the chance of future mistakes and rigorous new processes have been up-and-running since this unfortunate incident which occurred early this year.
“We remain fully co-operative with the Commissioner's Office and welcome the invitation to voluntarily take part in an ICO audit in spring 2012.”
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules here