WIREDGOV

The Information Commissioner’s Office (ICO) recently served Surrey County Council with a monetary penalty of £120,000 for a serious breach of the Data Protection Act after sensitive personal information was emailed to the wrong recipients on three separate occasions.

Christopher Graham, UK Information Commissioner said:

“This significant penalty fully reflects the seriousness of the case. The fact that sensitive personal information relating to the health and welfare of 241 vulnerable individuals was sent to the wrong people is shocking enough. But when you take into account the two similar breaches that followed, it is clear that Surrey County Council failed to fully address the risks of sending sensitive personal data by email until it was far too late.”