LANCASHIRE County Council has been rapped by the information commissioner after confidential documents were left in furniture sold in a second hand shop.
The Lancashire Telegraph revealed the blunder last year when the customer who bought the county council filing cabinet from a Blackburn second-hand shop came forward.
Now the Information Commissioner's Office has found Lancashire County Council in breach of the Data Protection Act following an investigation.
The council's chief executive Ged Fitzgerald has now signed an 'undertaking' which promises to implement a formal written procedure for the removal or disposal of any office furniture or equipment.
It also requires staff to be made aware of the council's policies for the storage, use and disposal of personal information and for the appropriate training to be provided.
The social service documents contained confidential details of East Lancashire residents including information about the ethnicity, religious beliefs and physical or mental health conditions of individuals.
In one instance, the data provided an almost complete picture of the individual's life.
The records were duplicates of documents held in the council's offices and had apparently been used by a social worker during active casework duties.
But no-one had apparently checked the filing cabinet before the item was put up for auction.
Sally-Anne Poole, head of enforcement at the ICO, said: "This incident highlights the importance of having the necessary safeguards in place to ensure personal information is disposed of securely.
"Organisations need to have the appropriate policies in place and staff need to be aware of these policies to ensure personal information is stored securely.
"I am pleased that Lancashire County Council is taking action to prevent a similar situation occurring in the future."
Roger Hulme, the county council's business services director Roger Hulme, issued another apology over the blunder.
He said: "We fully understand the concern and anxiety that incidents of this nature can cause and have apologised to the people affected by this breach."