Wolverhampton City Council has been ordered to train all 6,000 of its staff in data protection in the next 50 days or be prosecuted for contempt of court.
It comes after a blunder by a social worker which saw highly sensitive information released to a third-party.
The order by the Information Commissioner Office (ICO) comes after an investigation into a breach in January 2012.
It has also been discovered by the ICO that 68 per of council staff are yet to be trained in data protection.
The investigation was launched after a social worker, who had not received data protection training, sent a report to a former service user detailing their time in care. However, the worker failed to remove highly sensitive information about the recipient’s sister.
A month before the investigation the ICO, a watchdog on the openness of public bodies and data privacy for individuals, carried out an audit at the council and recommended it introduce a data protection policy. It went on to explain how people’s information should be kept secure as well as recommending to the council to provide mandatory staff training so that the policy was followed.
ICO head of enforcement, Stephen Eckersley, said: “The lack of urgency displayed by Wolverhampton City Council is startling. Over two years ago, we reviewed the council’s practices and highlighted the need for guidance and mandatory training to help its staff keep residents’ information secure. Despite numerous warnings the council has failed to act.”
A council spokesman said: “We accept the findings in the ICO report. Employees have been undertaking compulsory data protection training and we are on track to meet the ICO’s deadline.”