Hertfordshire County Council has been fined £100,000 after faxing “highly sensitive personal information” about a child sex abuse case to a member of the public.

The council has apologised for two breaches of the Data Protection Act, after "extremely personal" details of childcare proceedings were also sent to the wrong recipient.

The breaches, both in June this year, took place when staff in the council's childcare litigation unit “accidentally” sent two faxes to the wrong people.

The council then reported both breaches to the Information Commissioner's Office (ICO).

The first fax was intended for a barristers' chambers handling a court case but when the wrong number was dialled, it was sent to a member of the public.

The council later obtained a court injunction prohibiting any disclosure of the facts of the court case or circumstances of the data breach.

Thirteen days later, a second fax was mistakenly sent to barristers’ chambers unconnected with the case, instead of Watford County Court.

Another member of the council’s childcare litigation unit had sent the data, which contained information about the care proceedings of three children, the previous convictions of two individuals, domestic violence records and care professionals’ opinions.

The commissioner ruled that a fine of £100,000 was appropriate, as the council’s procedures failed to stop two serious breaches taking place where access to the data could have caused substantial damage and distress.

He also found that after the first breach occurred, the council did not do enough to reduce the likelihood of another breach occurring.

Councillor Chris White, leader of Hertfordshire's Liberal Democrat opposition group said: “This complacent council has done it again. It can't fix the roads. It can't get its accounts straight. And it can't prevent itself from sending confidential papers to the wrong address.

“It's not as though this were one off incompetence: it happened twice and the council failed to take proper action over the first occasion.

“Residents who bump along over poorly maintained roads while listening to the county council boasting about how wonderful it is in one of the two dozen press releases it issues each day will be asking how the £100,000 fine will be paid for.

“It is simple: the official in charge of this department should go along with the Conservative councillor who must have known about this and yet did nothing about it.”

The council apologised for the mistakes and said it had moved to prevent anything similar happening in the future.

A statement said: “We are sorry that these mistakes happened and have put processes in place to try to prevent any recurrence.

“We accept the finding of the commissioner.”

The fine is one of the first financial penalties handed out by the commission for serious breaches of data protection.

A second fine of £60,000 was also issued to employment services company A4e for the loss of an unencrypted laptop, which contained personal information relating to 24,000 people who had used community legal advice centres in Hull and Leicester.

Christopher Graham, Information Commissioner, said: “It is difficult to imagine information more sensitive than that relating to a child sex abuse case. I am concerned at this breach – not least because the local authority allowed it to happen twice within two weeks. The laptop theft, while less shocking, also warranted nothing less than a monetary penalty as thousands of people’s privacy was potentially compromised by the company’s failure to take the simple step of encrypting the data”.

“These first monetary penalties send a strong message to all organisations handling personal information. Get it wrong and you do substantial harm to individuals and the reputation of your business. You could also be fined up to half a million pounds.”