The Information Commissioner's Office (ICO) has fined Midlothian Council £140,000 for releasing highly-sensitive children services data to the wrong people on five separate occasions in as many months last year.
The ICO found that all of the breaches could have been avoided if the council had adequate data protection policies, training and checks in place.
