|What||Loss of sensitive personal information on three occasions.|
|How much||241 records.|
|When||May – June 2010|
|Why||Records were accidently sent out in an email copied to a global distribution list, minutes of a confidential strategy discussion erroneously emailed to a newsletter distribution group. Additional records were erroneously emailed to an incorrect internal email group.|
|Regulator||ICO||Action||Monetary penalty of £ 120,000|
|When||9 June 2011|
Why the regulator acted
|Breach of act||Emails were unencrypted and sent to the wrong recipients.
Inappropriate organisational and technical measures.
|Known or should have known||The risk of incorrect drop down boxes being selected were “self evident”.|
|Likely to cause damage or distress||Records related to special needs.|
|View PDF of the Surrey Council Monetary Penalty Notice (Breach Watch Archive)|
|View PDF of the Surrey Council Monetary Penalty Notice (Via ICO Website)|