The Information Commissioner’s Office has issued Midlothian Council a fine of £140,000 for sending sensitive information about children to the wrong recipients. The ICO found that the five data protection breaches, causing ‘serious upset’ to the children’s families, could have been avoided where adequate data protection policies, training and appropriate checks had been put in place. This story is a reminder to all institutions to ensure that robust procedures and checks are followed prior to any disclosure of sensitive personal information.