The Information Commissioner's Office has served monetary penalties on two councils after emails containing highly sensitive personal information were sent to the wrong recipients. The ICO found that appropriate measures to prevent unauthorised processing were not in place. A lack of appropriate and relevant training for staff, inadequate encryption of information held and a failure to distinguish between internal and external communications had led to his conclusions. The ICO also recommended that in such circumstances, managers ought to approve any email distribution list used. FE and HE institutions are reminded to be particularly vigilant when processing sensitive and confidential information. Further details on the decisions are available on the ICO website.