Norfolk Council

Breach details

What Inappropriate disclosure of sensitive personal information.
How much One records.
When April 2011
Why A social worker in the Data Controller’s Children’s Service’s department intended to deliver a copy of a report on a conference to a child’s father, but accidently wrote the wrong address on an envelope and placed it through the door of the father’s neighbour. Although a policy was in place to provide guidance about sending personal data by post it was possible that the social worker was unaware of this as she had only been working in the department for 9 months and had not completed the mandatory e-training course on data protection. No process was in place to monitor trainin.

Regulatory action

Regulator ICO
Action Monetary penalty of £ 80,000
When 13 February 2012

Why the regulator acted

Breach of act Even had policy been followed there was nothing to prevent the incorrect delivery of the wrongly addressed letter.
Inappropriate organisational and technical measures.
Known or should have known Staff were used to dealing with such self-evidently sensitive information, but no policies were in place to prevent a breach.
Likely to cause damage or distress Data related to the physical and emotional well-being of a child.