The Information Commissioner’s Office has fined Stoke-on-Trent City Council £120,000 for a breach of the Data Protection Act.
In December last year, a solicitor at the council sent 11 emails containing "highly sensitive" information relating to a child in care to the wrong address.
"The ICO’s investigation found the solicitor was in breach of the council’s own guidance which confirmed that sensitive data should be sent over a secure network or encrypted," it said in a statement.
"However, the council had failed to provide the legal department with encryption software and knew that the team had to send emails to unsecure networks. The council also provided no relevant training."
It also pointed out that a similar breach had occurred in 2010, but the issue had not been resolved.
"The council has now introduced new measures to improve the security of information sent electronically, as well as signing a legal notice to improve the data protection training provided to their staff," the ICO said. "This should limit the chances of further personal information being lost.”