Somerset County Council have been reprimanded by the ICO after an employee broke data laws by sending sensitive personal information concerning a teenager’s medical and behavioural history to the wrong family. .The incident is thought to have occurred as a result of the council employee working on two similar cases at the same time.
In addition, the council failed to act in the correct manner when the error was revealed. The recipient of the information was initially told to throw it away, then later advised that a council employee would collect it
Sally-Anne Poole, the ICO's acting head of enforcement, pointed out that despite the information being returned, "the damage had already been done". She also claimed it was very likely the incident would cause "considerable embarrassment to those affected”. “The information collected by social services departments is often extremely sensitive,” she said. “Local authorities should make sure they have adequate measures in place to keep this information secure, especially where there is the potential for human error.”
The chief executive of Somerset County Council, Sheila Wheeler, has signed an undertaking from the ICO indicating that staff will receive additional training on data policies and procedures.