Breach details
| What | Inappropriate disclosure of sensitive personal data on five separate occasions. |
| How much | Five records. |
| When | March 2011 |
| Why | Personal data relating to children and their carer were sent to the wrong recipients on five separate occasions. |
Regulatory action
| Regulator | ICO | Action | Monetary penalty of £ 140,000 |
| When | 30 01 2012 |
Why the regulator acted
| Breach of act | Multiple letters were sent to the wrong recipient. Inappropriate organisational and technical measures. |
| Known or should have known | Following the first breach the risk was clear, yet 4 more breaches occurred over the next month. |
| Likely to cause damage or distress | Personal information of vulnerable individuals. |
Links
| View PDF of the Midlothian Council Monetary Penalty Notice (Breach Watch Archive) |
| View PDF of the Midlothian Council Monetary Penalty Notice (Via ICO Website) |