Alpha Biolabs1 Garden CourtFamily Law Week Email Subscription

Adoptive parents’ details mistakenly sent to birth family

Council’s data breach incurs £70,000 penalty

The Information Commissioner's Office has served a monetary penalty of £70,000 to Halton Borough Council in Cheshire following a breach of the Data Protection Act.

The breach occurred on 25th May last year when a council employee sent a letter about an adopted child to the birth mother, and mistakenly included a covering letter giving details of the adoptive parents' home address. The birth mother passed this information to her parents who had been trying to obtain access to their grandchild. Subsequently they wrote to the adoptive parents seeking contact.

At the time of the breach the employee involved was under the impression that adequate checks had already been carried out and the correspondence was simply for filing and distribution.

The ICO's investigation concluded that the breach was caused by Halton Borough Council's underlying failure to have a clear policy and process for checking such correspondence, and relevant training for their staff.

Since the breach, Halton Borough Council has implemented a clear checklist of requirements before such correspondence can be distributed, together with a peer-checking process for work carried out by their staff.