17 October, 2017
A Council has been fined by the Information Commissioners Office after falling foul of Data Protection rules. Nottinghamshire CC has been fined £70,000 after leaving vulnerable people's personal information online for five years.
Nottinghamshire County Council unknowingly posted the gender, addresses, postcodes and care requirements of elderly and disabled people in an online directory without basic security or access restrictions such as a username or password. The matter was discovered and reported by a member of the public who found inadvertently stumbled across the sensitive personal information.
All organisations, including local authorities must ensure that they have appropriate procedures in place to guarantee that personal information is handled and processed in an appropriate manner and in accordance with the Data Protection Act. Organisations should ensure that IT security safeguarding procedures are implemented to ensure information is secure before being published online.