Norfolk County Council fined �80,000 over child information blunder

Norfolk's largest council has been fined �80,000 after a staff blunder led to highly sensitive child welfare information being hand-delivered to the wrong address.

The Information Commissioner's Office (ICO) revealed yesterday Norfolk County Council failed to follow 'one of the most basic rules' by having a system in place to check if sensitive information was being given to the right person.

The watchdog said the error occurred when a social worker inadvertently wrote the wrong address on a report and hand-delivered it to the intended recipient's next-door neighbour last April.

An investigation into the breach also found the county council did not monitor whether staff had completed data protection training.

Croydon Council, in south London, was also fined �100,000 by the ICO after papers containing details of a child sex abuse victim were stolen from a pub.

Stephen Eckersley, the ICO's head of enforcement, speaking about the decision to fine both local authorities said: 'While both councils acted swiftly to inform the people involved and have since taken remedial action, this does not excuse the fact that vulnerable children and their families should never have been put in this situation.'

Mike Jackson, director for environment, transport and development, said the authority took its responsibilities to protect personal data 'extremely seriously'.

Most Read

He added that the number of breaches were rare compared to the amount of information staff dealt with each day.

Mr Jackson said: 'That is why this case was particularly concerning and we felt it necessary to immediately and voluntarily refer the matter to the information commissioner.

'As soon as we discovered what had happened we acted to contain the breach and apologised to all of the people concerned.

'We also carried out an investigation into what went wrong and looked at what we could do to further improve practice.

'Although this was a case of human error by a single member of staff, we have since put in place a range of measures to ensure there is even greater clarity for staff on how to handle personal information.'

An EDP Freedom of Information request previously revealed there had been 46 breaches of the Data Protection Act between December 2008 and 2011 at the county council.

These included a confidential service users' files being found in a skip outside a council building in February 2010.

An investigation was launched, but no conclusion was reached as to how they ended up there.

A large number of the breaches were because emails containing people's details, such as names and addresses, were sent to the wrong people.