The Information Commissioner's Office (ICO) has fined the Nursing and Midwifery Council £150,000 after it lost three DVDs containing details of a nurse's misconduct hearing.
The fine, coming just a few weeks after a £250,000 for Sony, underlines the ICO's willingness to go after private organisations in its efforts to clamp down on shoddy data handling practices.
According to the ICO, the DVDs contained confidential personal information about the nurse and included evidence given by two vulnerable children.
The council used a courier to deliver the DVDs as evidence pertaining to the 'fitness to practise' case to the hearing venue. When the packages arrived, the disks were missing but the packages showed no signs of tampering.
Subsequent investigations by the ICO uncovered that the DVDs had not been encrypted and they have never been recovered, despite extensive searches.
These glaring lapses in security exasperated deputy commissioner of the ICO, David Smith, who said the watchdog is fed up with seeing such basic errors being made.
"It would be nice to think that data breaches of this type are rare, but we're seeing incidents of personal data being mishandled again and again," he said.
"While many organisations are aware of the need to keep sensitive paper records secure, they forget personal data comes in many forms, including audio and video images, all of which must be adequately protected."
Smith urged organisations to think carefully about their data protection polices, or they could end up in a similar position to the Midwifery Council.
"Is the policy robust? Does it cover audio and video files containing personal information? And is it being followed in every case? If the answer to any of those questions is no, then the organisation risks a data breach and a possible weighty monetary penalty."
"[In this case] no policy appeared to exist on how the discs should be handled, and so no thought was given as to whether they should be encrypted before being couriered."
"Had that simple step been taken, the information would have remained secure and we would not have had to issue this penalty."
The NMC said it was "disappointed" with the fine but said it had learnt lessons from the incident.
"Our policy, in place at the time, required encryption. We received the DVDs from the police unencrypted but we failed to encrypt them before we sent them on. We very much regret this and have now corrected our practice," it said.
"The cause of the incident is understood to have been an isolated human error."
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago