Worcestershire County Council

Breach details

What Inappropriate disclosure of sensitive personal information.
How much “A large number” of records.
When Unknown
Why A member of staff accidently clicked on an additional contact list while sending out an email intended for internal use and so two spreadsheets containing sensitive personal information were sent to 23 registered care providers.

Regulatory action

Regulator ICO
Action Monetary penalty of £ 80,000
When 28 November 2011

Why the regulator acted

Breach of act Staff were not provided with sufficient training and internal and external email distribution lists were not clearly differentiated.
Inappropriate organisational and technical measures.
Known or should have known Employees routinely dealt with confidential and sensitive personal data and manages should have realised the potential for human error when selecting emails lists.
Likely to cause damage or distress Details of vulnerable young adults.