Basildon Council in Essex has been fined £150,000 by the Information Commissioner's Office for disclosing sensitive personal information in a planning application.
The disclosure of sensitive personal information took place in 2015 but was taken down after being flagged by the ICO.
The Information Commissioner's Office has termed the disclosure a 'serious incident' and has fined the Council for not only publishing the information without secondary vetting but also failing to remove the information when it was first discovered.
35 UK firms served monetary penalties for breaching privacy laws in 2016.
The Council had, in a planning application, revealed sensitive personal information about a traveller family which stayed in a green belt zone for several years. Leaked personal details included mental health issues and other disabilities.
The Council has said it has 28 days to appeal and is considering its position.
Brexit and GDPR: How will it affect you?
"This was a serious incident in which highly sensitive personal data, including medical information, was made publicly available. Planning applications in themselves can be controversial and emotive, so to include such sensitive information and leave it out there for all to see for several weeks is simply unacceptable," said Sally Anne Poole, enforcement manager at the ICO.
The Information Commissioner's Office imposed fines of up to £3.2m on 35 British firms in 2016 for breaching data protection and privacy laws. The number of firms fined by the ICO doubled over the previous year, and so did the number of enforcement notices issued by the government body.