Hampshire County Council is the latest local authority in the UK to be slapped with a major fine by data protection watchdog the Information Commissioner’s Office (ICO), receiving a whopping £100,000 penalty after mislaying key documents.
Highly sensitive personal details on over 100 children and adults were found on social care files and in 45 bags of “confidential waste” at a disused building in Havant once occupied by council premises.
They were discovered by the building’s new owners when they bought the property in 2014, two years after Hampshire County Council’s Adults and Children’s Services department left the building, according to an ICO release.
Head of enforcement, Steve Eckersley, argued that the council should have had a proper procedure in place to ensure no personal data was left in the building.
“Organizations must implement effective contingency plans to protect personal data when decommissioning buildings,” he said in a statement.
“The council’s failure to look after this information was irresponsible. It not only broke the law but put vulnerable people at risk.”
According to the Data Protection Act, public and private sector organizations in the UK must have “technical and organizational” measures in place to prevent accidental loss or destruction of personal data, the ICO said.
The fine is just the latest in a long line of similar cases involving the watchdog.
In June, Dyfed-Powys Police was fined £150,000 after an email containing info which could have been used to identify eight sex offenders was sent to a member of the public in error.
In May, the ICO fined Chelsea and Westminster Hospital NHS Foundation Trust £180,000 after it accidentally revealed the email addresses of 700 patients with HIV.
When it comes to fines, the watchdog often reserves the major sums for incidents in which data which could cause major distress for those affected is released.