{"id":36,"date":"2011-06-09T18:40:39","date_gmt":"2011-06-09T18:40:39","guid":{"rendered":"http:\/\/www.halkynconsulting.co.uk\/a\/?p=36"},"modified":"2011-06-10T21:18:31","modified_gmt":"2011-06-10T21:18:31","slug":"surrey-council-fined-over-dpa-offences","status":"publish","type":"post","link":"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/06\/surrey-council-fined-over-dpa-offences\/","title":{"rendered":"Surrey Council Fined over DPA offences"},"content":{"rendered":"<p>The ICO has flexed its muscles against Surrey Council and imposed a \u00a3120,000 fine for breaching the Data Protection Act. While this falls well short of the maximum allowed in law (\u00a3500,000) it is larger than most of the recent fines issued.<\/p>\n<p>The\u00a0likelihood\u00a0is that the size of this offence was more driven by the repeated nature of security breaches at Surrey Council than the actual offence itself.<\/p>\n<p><a title=\"ICO Press Release - Surrey Council Fined \u00a3120k for DPA offence.\" href=\"http:\/\/www.ico.gov.uk\/~\/media\/documents\/pressreleases\/2011\/monetary_penalty_surrey_council_release_20110609.ashx\" target=\"_blank\">From the ICO&#8217;s site<\/a>:<\/p>\n<blockquote><p>This significant penalty fully reflects the seriousness of the case. The fact\u00a0that sensitive personal information relating to the health and welfare of\u00a0241 vulnerable individuals was sent to the wrong people is shocking\u00a0enough. 
But when you take into account the two similar breaches that\u00a0followed, it is clear that Surrey County Council failed to fully address the\u00a0risks of sending sensitive personal data by email until it was far too late.<\/p><\/blockquote>\n<p>The three offences in question were on 17 May 2010 (when the 241 sets of details were sent out), 22 June 2010 (when an unspecified number of breaches took place) and 21 Jan 2011 (which appears to be an almost minor offence, and no data left the Council&#8217;s network).<\/p>\n<p>Reading through the ICO findings, it appears the Council failed to learn from the trigger incident (17 May 2010) and, although it may have put some control measures in place, these were not effective enough. It is a sad fact that even with the best security controls in place, breaches will still occur &#8211; however, it seems that in this case the ICO felt that the Council\u00a0didn&#8217;t\u00a0do enough to make amends.<\/p>\n<p>Christopher Graham, UK Information Commissioner, stated (emphasis ours):<\/p>\n<blockquote><p>Any organisation handling sensitive information must have appropriate\u00a0levels of security in place. Surrey County Council has paid the price for\u00a0their failings and this case should act as a warning to others that <strong>lax data\u00a0protection practices will not be tolerated<\/strong>.<\/p><\/blockquote>\n<p>This is probably the most salient lesson to take away from the fine on Surrey County Council.<\/p>\n<p>As we so often state, do not wait until the ICO is investigating you to build security into your business process.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The ICO has flexed its muscles against Surrey Council and imposed a \u00a3120,000 fine for breaching the Data Protection Act. While this falls well short of the maximum allowed in law (\u00a3500,000) it is larger than most of the recent fines issued. 
The\u00a0likelihood\u00a0is that the size of this offence was more driven by the repeated [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"footnotes":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true},"categories":[5,3],"tags":[24,16,28,18],"class_list":["post-36","post","type-post","status-publish","format-standard","hentry","category-security","category-securitynews","tag-data-protection","tag-government","tag-identity-protection","tag-security-news","entry"],"jetpack_publicize_connections":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v19.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Surrey Council Fined over DPA offences - Halkyn Security Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/06\/surrey-council-fined-over-dpa-offences\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Surrey Council Fined over DPA offences - Halkyn Security Blog\" \/>\n<meta property=\"og:description\" content=\"The ICO has flexed its muscles against Surrey Council and imposed a \u00a3120,000 fine for breaching the Data Protection Act. While this falls well short of the maximum allowed in law (\u00a3500,000) it is larger than most of the recent fines issued. 
The\u00a0likelihood\u00a0is that the size of this offence was more driven by the repeated [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/06\/surrey-council-fined-over-dpa-offences\/\" \/>\n<meta property=\"og:site_name\" content=\"Halkyn Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2011-06-09T18:40:39+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2011-06-10T21:18:31+00:00\" \/>\n<meta name=\"author\" content=\"Taz Wake - Halkyn Security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@https:\/\/twitter.com\/tazwake\" \/>\n<meta name=\"twitter:site\" content=\"@HalkynSecurity\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Taz Wake - Halkyn Security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/06\/surrey-council-fined-over-dpa-offences\/#article\",\"isPartOf\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/06\/surrey-council-fined-over-dpa-offences\/\"},\"author\":{\"name\":\"Taz Wake - Halkyn Security\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/6eb0b544119827df120fb596772d25bc\"},\"headline\":\"Surrey Council Fined over DPA offences\",\"datePublished\":\"2011-06-09T18:40:39+00:00\",\"dateModified\":\"2011-06-10T21:18:31+00:00\",\"mainEntityOfPage\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/06\/surrey-council-fined-over-dpa-offences\/\"},\"wordCount\":353,\"commentCount\":1,\"publisher\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#organization\"},\"keywords\":[\"Data Protection\",\"Government\",\"Identity 
Protection\",\"Security News\"],\"articleSection\":[\"Security\",\"Security News\"],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/06\/surrey-council-fined-over-dpa-offences\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/06\/surrey-council-fined-over-dpa-offences\/\",\"url\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/06\/surrey-council-fined-over-dpa-offences\/\",\"name\":\"Surrey Council Fined over DPA offences - Halkyn Security Blog\",\"isPartOf\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#website\"},\"datePublished\":\"2011-06-09T18:40:39+00:00\",\"dateModified\":\"2011-06-10T21:18:31+00:00\",\"breadcrumb\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/06\/surrey-council-fined-over-dpa-offences\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/06\/surrey-council-fined-over-dpa-offences\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/06\/surrey-council-fined-over-dpa-offences\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Halkyn Security\",\"item\":\"http:\/\/www.halkynconsulting.co.uk\/a\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security\",\"item\":\"http:\/\/www.halkynconsulting.co.uk\/a\/category\/security\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Surrey Council Fined over DPA offences\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#website\",\"url\":\"http:\/\/www.halkynconsulting.co.uk\/a\/\",\"name\":\"Halkyn Security Blog\",\"description\":\"Specialist Security &amp; Risk Management 
Consultants\",\"publisher\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/www.halkynconsulting.co.uk\/a\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#organization\",\"name\":\"Halkyn Consulting\",\"url\":\"http:\/\/www.halkynconsulting.co.uk\/a\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2011\/07\/Untitled-1.png?fit=990%2C170&ssl=1\",\"contentUrl\":\"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2011\/07\/Untitled-1.png?fit=990%2C170&ssl=1\",\"width\":\"990\",\"height\":\"170\",\"caption\":\"Halkyn Consulting\"},\"image\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.linkedin.com\/company\/2329571\",\"https:\/\/twitter.com\/HalkynSecurity\"]},{\"@type\":\"Person\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/6eb0b544119827df120fb596772d25bc\",\"name\":\"Taz Wake - Halkyn Security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/6689803eeae3e16b54fab3a7a1dfd1a5ee70f3ca1a83e77278a1b1adfedc4260?s=96&d=retro&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/6689803eeae3e16b54fab3a7a1dfd1a5ee70f3ca1a83e77278a1b1adfedc4260?s=96&d=retro&r=g\",\"caption\":\"Taz Wake - Halkyn Security\"},\"description\":\"Certified Information Systems Security Professional with over 19 years experience providing in-depth security risk management advice to government and private 
sector organisations. Experienced in assessing risks, and producing mitigation plans, worldwide in both peaceful areas and war zones. Additionally, direct experience carrying out investigations into security lapses, producing evidential standard reports and conducting detailed interviews to ascertain the details of the incident. Has a detailed understanding of the Security Policy Framework (SPF) and JSP440, as well as in depth expertise in producing cost-effective solutions in accordance with legislative and regulatory guidelines. Experienced in accrediting establishments and networks as well as project managing the development of secure, compliant, workable business processes.\",\"sameAs\":[\"http:\/\/www.halkynconsulting.co.uk\",\"https:\/\/twitter.com\/https:\/\/twitter.com\/tazwake\"],\"url\":\"http:\/\/www.halkynconsulting.co.uk\/a\/author\/tazwake\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9yHvD-A","jetpack_likes_enabled":true,"_links":{"self":[{"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/posts\/36","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/comments?post=36"}],"version-history":[{"count":3,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/posts\/36\/revisions"}],"predecessor-version":[{"id":41,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/posts\/36\/revisions\/41"}],"wp:attachment":[{"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/media?parent=36"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/categories?post=36"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/tags?post=36"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}