Tom Morrison returns with his quarterly review of the world of information law
The previous edition of this column highlighted the fact that, while there had been a great deal of enforcement activity in the preceding quarter, the information commissioner’s office (ICO) had seemed to have eased off using its fining powers following a pattern of fairly consistent use over the previous year (161 NLJ 7490, p 1586). The focus had very much switched to highlighting what had gone wrong and securing compliance going forward through a series of undertakings to do better. Well things have moved on since then.
So what has been happening?
Councils in particular have been in the firing line; here are a few examples:
- Worcestershire County Council and North Somerset County Council were fined £80,000 and £60,000 respectively at the end of November 2011. In the Worcestershire case a member of staff e-mailed highly sensitive personal data about a large number of vulnerable people to 23 unintended recipients. The error was caused by the sender clicking on the wrong e-mail distribution list. In the North Somerset case an employee