A solicitor employed by the Council mistakenly sent eleven emails concerning a child protection court case to the wrong email address instead of sending them to the council’s barrister. These emails contained confidential and sensitive personal data about the case, including details of non-accidental injuries to a child and medical information about two adults and two other children.
The main failing, it is reported, was that the emails were not encrypted, so that whoever received them was able to read the plain text. Despite the Council having guidelines stating that this type of communication must be encrypted, apparently no encryption facilities were available to the solicitor. As a result she was not disciplined.
The Council was fined £120,000.