Telford and Wrekin Council fined for data breach

Telford and Wrekin Council has been fined more than £70,000 for two data protection breaches which revealed information about vulnerable children.

A social care assessment was sent to a sibling, instead of the mother, and identified another child who had made a serious allegation.

Foster placements for two children also had to be changed after details were shown to the mother, the Information Commissioner’s Office (ICO) said.

The council reported the breaches.

‘Lacking adequate information’

The ICO said the penalty of £90,000, reduced to £72,000 for prompt payment, reflected the seriousness of the cases.

An investigation carried out by the council after the first breach on 31 March last year found that the records set up on the IT system used by the authority’s safeguarding services team were lacking “adequate information”.

It also found that there was no process in place to check assessment documents before they were posted out, the ICO said.

A subsequent investigation, following the second breach, found that the default setting on the software was to include the foster carer’s details in the Placement Information Record (PIR).

There was also no process in place to check the PIR after it was printed.

Telford and Wrekin said it had provided further training and support for safeguarding services staff on data protection, as well as using the computer system.

It added that it believed the errors “were down to human error”.