Midlothian Council fined for personal data breaches
Midlothian Council has been fined £140,000 for sending sensitive personal data about children and their carers to the wrong people.
It is the first Scottish organisation to be served with such a penalty by the Information Commissioner's Office.
The local authority made errors in sending out data on five occasions.
In one case, personal papers about a child and its mother were read by the woman and not her former partner who they were intended for.
The woman made a complaint to her social worker.
Another incident involved documents relating to the status of a foster carer.
They were sent to seven healthcare professionals, none of whom had any reason to see the information.
The breaches happened between January and June last year.
The Information Commissioner's Office said its investigation found that all five breaches could have been avoided if the council had put adequate data protection policies, training and checks in place.
Assistant commissioner for Scotland, Ken Macdonald, said: "Information about children's care, as well as details about their health and wellbeing, is some of the most sensitive information a local authority holds.
"It is of vital importance that this information is protected and that robust policies are followed before it is disclosed.
"The serious upset that these breaches would have caused to the children's families is obvious and it is extremely concerning that this happened five times in as many months."