Feeds

Child abuse files stolen from council worker in PUB - £100k fine

Another council coughs £80k for HAND-DELIVERING kid's info to neighbour

The UK's data protection watchdog has fined two English council bodies a total of £180,000 after finding they had failed to keep "highly sensitive information" about children secure.

Croydon Council was fined £100,000 after a bag containing papers about a child sex abuse court case was stolen from a social worker in a pub in April last year, the Information Commissioner's Office (ICO) said.

Norfolk County Council was fined £80,000 after a social worker at the authority hand-delivered a report featuring "highly sensitive personal data about a child’s emotional and physical wellbeing, together with other personal information" to the wrong address.

The report was delivered to the next door neighbour of the intended recipient, also in April 2011, after the social worker wrote the wrong address down on the report, the ICO said. The ICO said that Croydon Council had failed to communicate its data protection guidance to staff and had inadequate checks in place to ensure it had been read and understood.

The council's policy on data security also did not include the requirement that sensitive personal data be kept secure when taken off-premises, the watchdog said.

The social worker at Norfolk County Council had failed to complete mandatory training in data protection and the authority did not have appropriate systems in place to check this, the ICO said. The council also failed to operate a system that requires colleagues to check each other's work to ensure sensitive information is sent to the right address, it said.

Both authorities have agreed to alter their data protection practices following the breaches.

“We appreciate that people working in roles where they handle sensitive information will – like all of us – sometimes have their bags stolen. However, this highly personal information needn’t have been compromised at all if Croydon Council had appropriate security measures in place," Stephen Eckersley, head of enforcement at the ICO, said in a statement. “One of the most basic rules when disclosing highly sensitive information is to check and then double check that it is going to the right recipient. Norfolk County Council failed to have a system for this and also did not monitor whether staff had completed data protection training.

"While both councils acted swiftly to inform the people involved and have since taken remedial action, this does not excuse the fact that vulnerable children and their families should never have been put in this situation," he said.

Under the Data Protection Act, organisations in control of personal data are required to take "appropriate technical and organisational measures" to prevent "unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data". The Act requires extra care around the handling of sensitive personal data, such as information relating to individuals' "physical or mental health or condition". Under the Act the ICO has the power to issue fines of up to £500,000 for serious breaches of personal data.

Copyright © 2012, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Apple CEO Tim Cook: TV is TERRIBLE and stuck in the 1970s
The iKing thinks telly is far too fiddly and ugly – basically, iTunes
Huawei ditches new Windows Phone mobe plans, blames poor sales
Giganto mobe firm slams door shut on Microsoft. OH DEAR
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
Show us your Five-Eyes SECRETS says Privacy International
Refusal to disclose GCHQ canteen menus and prices triggers Euro Human Rights Court action
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.