Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Compliance

UK City Hit With £120,000 Fine For Failing to Encrypt Email

Stoke-on-Trent City Council (UK) has been smacked with a £120,000 fine for failing to secure sensitive information that was being transmitted electronically. The data, child protection documents, was accidentally delivered to a person not related to the case, and wasn’t properly encrypted the Information Commissioner’s Office (ICO) said, posing a significant breach of the Data Protection Act.

Stoke-on-Trent City Council (UK) has been smacked with a £120,000 fine for failing to secure sensitive information that was being transmitted electronically. The data, child protection documents, was accidentally delivered to a person not related to the case, and wasn’t properly encrypted the Information Commissioner’s Office (ICO) said, posing a significant breach of the Data Protection Act.

The incident occurred last December, when 11 emails related to a child protection case were sent by a solicitor to the wrong email address. The emails contained sensitive information related to the care of a child and information related to the health of two other adults and two other children. The emails should have been sent to Counsel instructed on a child protection case.

“If this data had been encrypted then the information would have stayed secure. Instead, the authority has received a significant penalty for failing to adopt what is a simple and widely used security measure. It is particularly worrying that a breach in 2010 highlighted similar concerns around encryption at the authority, but the issue was not properly resolved,” said Stephen Eckersley, Head of Enforcement at the ICO.

As a result, the Stoke-on-Trent City Council was fined £120,000 for breaching the council’s own guidance, which confirmed that sensitive data should be sent over a secure network or encrypted. Making the situation worse, subsequent investigation into the matter revealed that the council had failed to provide the legal department with encryption software and knew that the team had to send emails to unsecure networks. This is in addition to failing to offer proper training on the use of encrypted communications and encryption software.

“The council has now introduced new measures to improve the security of information sent electronically, as well as signing a legal notice to improve the data protection training provided to their staff. This should limit the chances of further personal information being lost,” Eckersley added.

Earlier this month, Greater Manchester Police paid £120,000 after a thief took a USB drive containing personal information from an officer’s home. It was later learned that officers normally used unsecured USB drivers to store and transport sensitive information, a fact that David Smith, the ICO’s director of data protection, said sends a “shiver down the spine.”

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Audits

Out of the 335 public recommendations on a comprehensive cybersecurity strategy made since 2010, 190 were not implemented by federal agencies as of December...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Cybercrime

A database containing over 235 million unique records of Twitter users is now available for free on the web, cybercrime intelligence firm Hudson Rock...