Scottish Borders Council has been slapped with a £250,000 fine from the Information Commissioner's Office, after staff salary and bank account details were dumped in a supermarket recycling bin.
The council had employed a third party to digitise some of its staff records, but failed to stipulate how the information should be secured.
As a result, more than 600 files, containing confidential information including banking details, are thought to have been deposited in recycling bins. The practice only came to light when a member of the public alerted the police.
"This is a classic case of an organisation taking its eye off the ball when it came to outsourcing,” said Ken Macdonald, ICO assistant commissioner for Scotland.
Many of the files were recovered by police, while some are thought to have been destroyed in the recycling process.
The ICO added that the rules on data protection were clear that organisations were responsible for the security of any personal data they hand over to third parties, and are expected to put appropriate safeguards in place.
The maximum fine that the ICO could have issued for the offence is £500,000. Scottish Borders Council will have the fine reduced to £200,000 if it pays by 11 October.
14nm Cavium ThunderX2 CPUs deployed in HPE Apollo 70 supercomputer for US National Nuclear Security Administration
MWR's Countercept platform and phishd technologies key to F-Secure acquisition
Brexit labour shortages will lead to higher adoption of robotics
Newbies will be thrown in with the big boys on Sanhok as Kar98 fodder