|Inappropriate disclosure of sensitive personal information.
|A social worker in the Data Controller’s Children’s Service’s department intended to deliver a copy of a report on a conference to a child’s father, but accidently wrote the wrong address on an envelope and placed it through the door of the father’s neighbour. Although a policy was in place to provide guidance about sending personal data by post it was possible that the social worker was unaware of this as she had only been working in the department for 9 months and had not completed the mandatory e-training course on data protection. No process was in place to monitor trainin.
|Monetary penalty of £ 80,000
|13 February 2012
Why the regulator acted
|Breach of act
|Even had policy been followed there was nothing to prevent the incorrect delivery of the wrongly addressed letter.
Inappropriate organisational and technical measures.
|Known or should have known
|Staff were used to dealing with such self-evidently sensitive information, but no policies were in place to prevent a breach.
|Likely to cause damage or distress
|Data related to the physical and emotional well-being of a child.
|View PDF of the Norfolk Council Monetary Penalty Notice (Breach Watch Archive)
|View PDF of the Norfolk Council Monetary Penalty Notice (Via ICO Website)