Two weeks ago the ICO announced that it had fined a senior barrister £1000 for failing to keep clients’ sensitive personal information secure. The ICO explained that the barrister had kept sensitive information on 250 clients on a home computer without using any encryption. Then, during an update of software on the computer, files were automatically backed up on-line, where they were temporarily visible to search engines. There are clear lessons here for other small businesses, but it would appear that large organisations also have issues. A few days later the ICO announced that it had fined Norfolk County Council £60 000 for leaving social work case files in a cabinet that they disposed of – the files were discovered by a member of the public who bought the cabinet in a second-hand shop! Once again, this example highlights that information security is not just about electronic data.
Information Commissioner's Office Hands Out More Fines
Share the Post:
Helen Molyneux is the founder and director of Cambridge Risk Solutions. A certified Lead Auditor for ISO 22301 and ISO 27001, she has spent nearly two decades helping organisations across the public and private sectors build genuine resilience — not just documented compliance. She writes from practice, not theory.