Surrey County Council has been fined £120,000 after a series of blunders in which it emailed sensitive, personal information about hundreds of individuals to the wrong people.Such as..?
The first breach occurred on May 17 last year when a member of staff working for one of the council’s adult social care teams emailed details relating to 241 individuals’ physical and mental health to the wrong group email address.Ah. Yes, well, when you flout the law and fail to learn from your repeated mistakes, you can expect someone to come along and issue you with a stonking great fine.
Recipients included a number of transportation companies including taxi firms, coach and mini bus hire services and as the information was not encrypted or password protected could have been viewed by a large number of unauthorised people.
After attempts to recall the e-mail failed, the council were later unable to confirm that all recipients had destroyed it.
A second blunder occurred on June 22 last year when confidential personal data relating to a number of individuals was mistakenly e-mailed to over one hundred unintended recipients who had registered to receive a council newsletter.
The last incident took place on January 21 this year when the council’s Children Services department sent confidential information relating to an individual’s health to the wrong internal group email address.
While the data did not leave the council’s network the breach led to sensitive and private information being circulated to individuals who should not have received it.
A spokesperson for Surrey County Council said: “These incidents should never have occurred and we have apologised to the people involved.You know what? You’re quite right. It is indeed unfair that the taxpayer is once again on the hook.
“Immediate action has been taken to prevent this happening again.
“Measures have already been taken to reduce the risk of sensitive personal data being wrongly addressed and extra training on handling data securely has been given.
“We accept the commissioner’s findings but feel the money we were fined by another public sector organisation would have been better spent making further improvements in Surrey."
So, let’s have sackings instead. You’ll do, for a start.
4 comments:
First of all those responsible must be identified, not very likely as THEY all stick together.
If the above is successful and the culprits are identified, who do THEY work for, a quango, a Partnership, an Agency, a Trust, if so, are THEY accountable?
No elected representative will accept responsibility because that resposibility, you know, along with the other resposibuilities we elected them to shoulder on our behalf have been hived off to SERCO, IBM etc.
Soon THEY will have no responsibilities at all, then, Brussels takes over.
By the way it's called "LOCALISM" younger brother of "regionalisation"
“We accept the commissioner’s findings but feel the money we were fined by another public sector organisation would have been better spent making further improvements in Surrey."
Such as - getting your IT/email systems up to the legally required standard BEFORE you repeatedly broke the DPA?
Surrey County Council has been fined £120,000
So .... who's money exactly is it that pays the fine? Does it perhaps come out of the pocket of the ratepayer and the tax payer? Who are neither culpable or responsible for the offence?
Curious justice system we have.
"First of all those responsible must be identified.."
Good point.
"Such as - getting your IT/email systems up to the legally required standard BEFORE you repeatedly broke the DPA?"
I would expect local council systems to be significantly behind even central government systems, and we all know just how good they are...
"Curious justice system we have."
It's not very just, is it?
Post a Comment