Record £130,000 child data error fine for Powys council
A council which sent details of a child protection case to the wrong person has received a record £130,000 fine for breaching the Data Protection Act.
Separate reports about child protection cases were sent to the same shared printer, and it is thought two pages from one were mistakenly picked up.
The Information Commissioner's Office (ICO) fined Powys council.
The council said staff working with sensitive information would receive additional training.
It follows a less serious, but similar incident in Powys, which was reported to the ICO in June last year.
The ICO said the latest breach was the most serious case it had dealt with since receiving the power to fine organisations in April 2010.
It is thought pages from one report were collected with those from another case and sent out without being checked.
The recipient mistakenly received the pages and knew the identities of the parent and child whose personal details were included in the papers.
The recipient made a complaint to the council and a further complaint was made by the recipient's mother via her MP.
Anne Jones, the assistant commissioner for Wales, said: "This is the third UK council in as many weeks to receive a monetary penalty for disclosing sensitive information about vulnerable people.
"It's the most serious case yet and it has attracted a record fine.
"The distress that this incident would have caused to the individuals involved is obvious and made worse by the fact that the breach could have been prevented if Powys County Council had acted on our original recommendations.
"The ICO has also issued a legal notice ordering the council to take action to improve its data handling. Failure to do so will result in legal action being taken through the courts."
Ms Jones said there was clearly an underlying problem with data protection in social services departments, and the ICO would be meeting with council officials in the UK to discuss "how we can support them in addressing these problems".
The breach in Powys followed a similar incident, which was reported to the ICO in June 2010, when a social worker sent information about a vulnerable child to the same recipient.
After making inquiries, the ICO advised the council to introduce mandatory training and tighten up its security.
Montgomeryshire MP Glyn Davies said he was "shocked by this huge blow to the taxpayers of Powys".
"The council has got to get its act together to make sure nothing like this happens again," he said.
"It can't afford to make costly mistakes in these difficult economic times."
Powys council leader Michael Jones said it accepted the the ICO's findings and apologised for its failure to meet data protection legislation.
He added: "This was a regrettable case of human error and we have apologised to all parties for the distress the disclosure may have caused.
"The council expects staff, particularly those working in sensitive areas, to maintain the highest possible professional standards."
Mr Jones said disciplinary action had been taken against the member of staff involved in the breach.
"Although human error played a big part in the mistake, the council has reviewed procedures and strengthened practices where necessary to ensure the same mistaken is not made again," Mr Jones said.
He added that staff training was being improved.