A council that accidentally faxed details of a child sex abuse case to a member of the public was fined £100,000 by the Information Commissioner today, in the first use of his new powers to punish data breaches.
Hertfordshire County Council intended to send the fax to barristers in June this year.
Once officials realised their mistake they obtained an injunction to block the member of the public from further disclosing the information.
The fine against the council also covers a second incident, 13 days later. Another member of its childcare litigation unit misdirected another fax, this time concerning care proceedings.
"It is difficult to imagine information more sensitive than that relating to a child sex abuse case," said Christopher Graham, the Information Commissioner.
"I am concerned at this breach – not least because the local authority allowed it to happen twice within two weeks."
Hertfordshire County Council accepted Graham's findings today.
"We are sorry that these mistakes happened and have put processes in place to try to prevent any recurrence," it said.
The Information Commissioner's new powers came into force in April, and allow for fines of up to £500,000 for serious breaches of the Data Protection Act. Previously the maximum penalty was a £5,000 fine.
Graham today also fined the training contractor A4e, which runs the Department of Work and Pensions' League of Gentlemen-style job clubs, £60,000. In June it lost an unencrypted laptop containing the personal data of 24,000 people who had used community legal advice services in Hull and Leicester. ®