|What||Inappropriate disclosure of sensitive personal information.|
|How much||Two records.|
|When||12 November 2010|
|Why||A council employee accidentally sent five emails (on separate occasions), two of which contained highly sensitive information relating to a child’s serious case review, to the wrong NHS employee.|
|Regulator||ICO||Action||Monetary penalty of £60,000|
|When||28 November 2011|
Why the regulator acted
|Breach of act||Staff were not given sufficient information governance training, and management should have signed off on emails, ensuring that all sensitive data was encrypted. Inappropriate organisational and technical measures.|
|Known or should have known||Data controller was used to handling confidential and sensitive data and should have been aware of the “self evident” risks of drop down email menus. Repeated breaches demonstrate this fact.|
|Likely to cause damage or distress||Data related to vulnerable individuals and could be misused.|
|View PDF of the North Somerset Council Monetary Penalty Notice (Breach Watch Archive)|
|View PDF of the North Somerset Council Monetary Penalty Notice (Via ICO Website)|