A local authority has been hit with a £70,000 fine for sending a letter that revealed the home address of an adoptive family to the child’s birth mother.
The letter, sent by Halton council on 25 May 2012, mistakenly included a covering letter with the adoptive parents’ address, which the birth mother’s parents then used to write to the adopters and ask for contact with the child.
The Information Commissioner’s Office ruled that the council had breached the Data Protection Act by sending the letter. It found the mistake was caused by the lack of clear policy and process for checking such correspondence, and a lack of training for children’s services staff.
“It would be easy to dismiss this as a simple case of human error,” said Steve Eckersley, head of enforcement at the Information Commissioner’s Office.
“The reality is that this incident happened because the organisation did not pay enough attention to how it handles vulnerable people’s sensitive information, leading to a mistake that was entirely avoidable had the right guidance and training been in place.”
He said the £70,000 penalty issued by the ICO reflected the “obvious distress” this incident will have caused to the people involved in the case.
Since the incident, Halton council has introduced a list of requirements that must be checked before similar correspondence is sent out and a peer-checking process.
A council spokesperson said the error was reported to the ICO as soon as the authority became aware of it. “Processes have been reviewed and measures put in place to prevent something like this happening again. We have apologised to those concerned and we acknowledge the decision of the Commissioner,” the spokesperson said.
Related articles
Lost memory stick puts council in breach of data protection
Councils fined for failing to keep sensitive children’s data safe
Comments are closed.