|What||Inappropriate disclosure of sensitive personal data on five separate occasions.|
|How much||Five records.|
|Why||Personal data relating to children and their carer were sent to the wrong recipients on five separate occasions.|
|Regulator||ICO||Action||Monetary penalty of £ 140,000|
|When||30 01 2012|
Why the regulator acted
|Breach of act||Multiple letters were sent to the wrong recipient.
Inappropriate organisational and technical measures.
|Known or should have known||Following the first breach the risk was clear, yet 4 more breaches occurred over the next month.|
|Likely to cause damage or distress||Personal information of vulnerable individuals.|
|View PDF of the Midlothian Council Monetary Penalty Notice (Breach Watch Archive)|
|View PDF of the Midlothian Council Monetary Penalty Notice (Via ICO Website)|