ICO fines council £120,000 for crypto email fail:
Take the money out of the bins budget
Stoke-on-Trent City Council has been fined £120,000 for failing to use proper cryptography, resulting in the details of a child-protection case being shared with the wrong people.
Last December a solicitor involved in a child-protection case sent 11 e-mails relating to the case to the wrong email address, a simple typo meaning that messages intended for the council were sent to a random member of the public. If they'd been encrypted, then that would have resulted in a confused recipient and no more – but they weren't and that's led to the £120,000 fine imposed by the Information Commissioner's Office.
The investigation found that the council already had guidelines in place which require the use of cryptography, and that the solicitor was in breach of those guidelines, but given the Council's own legal department had neither the skills nor the software to decrypt messages it was still fault.
