The biggest financial penalty ever issued has been handed to Powys County Council by the Information Commissioner’s Office (ICO). The council has been issued with a huge fine of £130,000 following the misplacement of sensitive child protection information on two separate occasions.
The public sector has been under the spotlight for some time regarding IT security. Jobs within this area of risk management are significantly underpaid and with many high level candidates opting for information security vacancies in the private sector.
The ICO has recently warned all government offices and councils that it will be coming down hard on any organisation that breaches cyber security. Powys County Council fell foul of the ICO when information relating to a vulnerable child was sent to the wrong recipient. The child was known to the recipient making the security breach extremely serious. On this occasion the ICO set out guidelines for the council to put in place security processes and to train staff however following a second incident a monetary penalty was issued.
The Wales assistant commissioner, Anne Jones commented:
“This is the third UK council in as many weeks to receive a monetary penalty for disclosing sensitive information about vulnerable people. It’s the most serious case yet and it has attracted a record fine. The distress that this incident would have caused to the individuals involved is obvious and made worse by the fact that the breach could have been prevented if Powys County Council had acted on our original recommendations.”
The need for public sector offices to attract new candidates to information risk jobs is essential to ensure these serious breaches are eradicated in the future.