We at Big Brother Watch have long complained about the unwillignness of the Information Commissioner to effectively use his powers to name, shame and fine those who are guilty of gross abuses of data protection law. While these powers are used rarely, they are occasionally utilised for good effect.
One case where the ICO has shown a willingness to act is against Surrey County Council for their incompetence in e-mailing personal medical and welfare data of hundreds of people to the wrong recipients on three seperate occasions.
According to a report in the Surrey Herald:
"A member of one of the council’s Adult Social Care teams emailed a file containing sensitive personal information relating to 241 individuals’ physical and mental health to the wrong group email address.
"The group email address included a large number of transportation companies, including taxi firms, coach and mini bus hire services.
"The council attempted to recall the email, but was later unable to confirm that all the recipients had destroyed it.
"As the information was not encrypted or password protected, it had the potential to be viewed by a significant number of unauthorised individuals.
"A second misdirected email sent on June 22, 2010, lead to confidential personal data relating to a number of individuals being mistakenly emailed to more than 100 unintended recipients who had registered to receive a council newsletter.
"In a third incident, the council’s Children Services department sent confidential sensitive information, which included data relating to an individual’s health, to the wrong internal group email address on January 21, 2011."
You can view the whole story here.