DEVON County Council staff are undergoing compulsory training after a data protection blunder led to the authority being fined £90,000.
The penalty – which comes as the council grapples with a 2.1 per cent cut in its funding settlement – was imposed by the Information Commissioner's Office.
It follows a "serious" incident in which a social worker used a previous case as a template for an adoption panel report they were writing, but sent out a copy of the old report instead of the new one by mistake.
The error revealed personal data of 22 people, including details of alleged criminal offences and mental and physical health.
A damning report on the incident issued by the ICO states: "The report contained confidential and highly sensitive personal data.
"It was about the child of a couple who was being considered for adoption and included information about the couple's immediate and extended family, such as their ethnic origin and religion, mental and physical health, together with the alleged commission of criminal offences."
The ICO found the breach was "likely to cause substantial distress" and that "many of the affected individuals were considered to be vulnerable".
It ruled that the council had "failed to take reasonable steps to prevent the contravention".
The authority had previously been given advice following three data security breaches in 2010.
The fine will be reduced to £72,000 if paid by January 10.
A Devon County Council spokesman said: "It was a mistake that simply shouldn't have happened, and we've apologised.
"We take our duties regarding data protection extremely seriously and have a good track record in this respect.
"However, we have already begun mandatory data protection training for all employees whose jobs involve handling personal data."
The ICO criticised local government's attitude towards protecting personal data after issuing penalties against four councils, including Devon.
Leeds City Council was fined £95,000, Plymouth City Council £60,000 and the London Borough of Lewisham £70,000. The penalties mean 19 councils have now received monetary penalties for breaching the Data Protection Act, totalling more than £1.8m.
Information Commissioner Christopher Graham said: "We are fast approaching £2m of monetary penalties issued to UK councils for breaching the Data Protection Act, with 19 councils failing to have the most straightforward of procedures in place.
"It would be far too easy to consider these breaches as simple human error. The reality is that they are caused by councils treating sensitive personal data in the same routine way they would deal with more general correspondence. Far too often in these cases, the councils do not appear to have acknowledged that the data they are handling is about real people, and often the more vulnerable members of society.
"The distress that these incidents would have caused to the people involved is obvious. The penalties we have issued will be of little solace to them, but we do hope it will stop other people having to endure similar distress by sending out a clear message that this type of approach to personal data will not be tolerated."