Feeds

Child abuse files stolen from council worker in PUB - £100k fine

Another council coughs £80k for HAND-DELIVERING kid's info to neighbour

Choosing a cloud hosting partner with confidence

The UK's data protection watchdog has fined two English council bodies a total of £180,000 after finding they had failed to keep "highly sensitive information" about children secure.

Croydon Council was fined £100,000 after a bag containing papers about a child sex abuse court case was stolen from a social worker in a pub in April last year, the Information Commissioner's Office (ICO) said.

Norfolk County Council was fined £80,000 after a social worker at the authority hand-delivered a report featuring "highly sensitive personal data about a child’s emotional and physical wellbeing, together with other personal information" to the wrong address.

The report was delivered to the next door neighbour of the intended recipient, also in April 2011, after the social worker wrote the wrong address down on the report, the ICO said. The ICO said that Croydon Council had failed to communicate its data protection guidance to staff and had inadequate checks in place to ensure it had been read and understood.

The council's policy on data security also did not include the requirement that sensitive personal data be kept secure when taken off-premises, the watchdog said.

The social worker at Norfolk County Council had failed to complete mandatory training in data protection and the authority did not have appropriate systems in place to check this, the ICO said. The council also failed to operate a system that requires colleagues to check each other's work to ensure sensitive information is sent to the right address, it said.

Both authorities have agreed to alter their data protection practices following the breaches.

“We appreciate that people working in roles where they handle sensitive information will – like all of us – sometimes have their bags stolen. However, this highly personal information needn’t have been compromised at all if Croydon Council had appropriate security measures in place," Stephen Eckersley, head of enforcement at the ICO, said in a statement. “One of the most basic rules when disclosing highly sensitive information is to check and then double check that it is going to the right recipient. Norfolk County Council failed to have a system for this and also did not monitor whether staff had completed data protection training.

"While both councils acted swiftly to inform the people involved and have since taken remedial action, this does not excuse the fact that vulnerable children and their families should never have been put in this situation," he said.

Under the Data Protection Act, organisations in control of personal data are required to take "appropriate technical and organisational measures" to prevent "unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data". The Act requires extra care around the handling of sensitive personal data, such as information relating to individuals' "physical or mental health or condition". Under the Act the ICO has the power to issue fines of up to £500,000 for serious breaches of personal data.

Copyright © 2012, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Bladerunner sequel might actually be good. Harrison Ford is in it
Go ahead, you're all clear, kid... Sorry, wrong film
Euro Parliament VOTES to BREAK UP GOOGLE. Er, OK then
It CANNA do it, captain.They DON'T have the POWER!
Musicians sue UK.gov over 'zero pay' copyright fix
Everyone else in Europe compensates us - why can't you?
I'll be back (and forward): Hollywood's time travel tribulations
Quick, call the Time Cops to sort out this paradox!
Megaupload overlord Kim Dotcom: The US HAS RADICALISED ME!
Now my lawyers have bailed 'cos I'm 'OFFICIALLY' BROKE
Forget Hillary, HP's ex CARLY FIORINA 'wants to be next US Prez'
Former CEO has political ambitions again, according to Washington DC sources
prev story

Whitepapers

Free virtual appliance for wire data analytics
The ExtraHop Discovery Edition is a free virtual appliance will help you to discover the performance of your applications across the network, web, VDI, database, and storage tiers.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Business security measures using SSL
Examines the major types of threats to information security that businesses face today and the techniques for mitigating those threats.