Breach details
| What | Inappropriate disclosure of sensitive personal information. |
| How much | “A large number” of records. |
| When | Unknown |
| Why | A member of staff accidently clicked on an additional contact list while sending out an email intended for internal use and so two spreadsheets containing sensitive personal information were sent to 23 registered care providers. |
Regulatory action
| Regulator | ICO | Action | Monetary penalty of £ 80,000 |
| When | 28 November 2011 |
Why the regulator acted
| Breach of act | Staff were not provided with sufficient training and internal and external email distribution lists were not clearly differentiated. Inappropriate organisational and technical measures. |
| Known or should have known | Employees routinely dealt with confidential and sensitive personal data and manages should have realised the potential for human error when selecting emails lists. |
| Likely to cause damage or distress | Details of vulnerable young adults. |
Links
| View PDF of the Worcestershire County Council Monetary Penalty Notice (Breach Watch Archive) |
| View PDF of the Worcestershire County Council Monetary Penalty Notice (Via ICO Website) |