Feeds

Child abuse files stolen from council worker in PUB - £100k fine

Another council coughs £80k for HAND-DELIVERING kid's info to neighbour

The Essential Guide to IT Transformation

The UK's data protection watchdog has fined two English council bodies a total of £180,000 after finding they had failed to keep "highly sensitive information" about children secure.

Croydon Council was fined £100,000 after a bag containing papers about a child sex abuse court case was stolen from a social worker in a pub in April last year, the Information Commissioner's Office (ICO) said.

Norfolk County Council was fined £80,000 after a social worker at the authority hand-delivered a report featuring "highly sensitive personal data about a child’s emotional and physical wellbeing, together with other personal information" to the wrong address.

The report was delivered to the next door neighbour of the intended recipient, also in April 2011, after the social worker wrote the wrong address down on the report, the ICO said. The ICO said that Croydon Council had failed to communicate its data protection guidance to staff and had inadequate checks in place to ensure it had been read and understood.

The council's policy on data security also did not include the requirement that sensitive personal data be kept secure when taken off-premises, the watchdog said.

The social worker at Norfolk County Council had failed to complete mandatory training in data protection and the authority did not have appropriate systems in place to check this, the ICO said. The council also failed to operate a system that requires colleagues to check each other's work to ensure sensitive information is sent to the right address, it said.

Both authorities have agreed to alter their data protection practices following the breaches.

“We appreciate that people working in roles where they handle sensitive information will – like all of us – sometimes have their bags stolen. However, this highly personal information needn’t have been compromised at all if Croydon Council had appropriate security measures in place," Stephen Eckersley, head of enforcement at the ICO, said in a statement. “One of the most basic rules when disclosing highly sensitive information is to check and then double check that it is going to the right recipient. Norfolk County Council failed to have a system for this and also did not monitor whether staff had completed data protection training.

"While both councils acted swiftly to inform the people involved and have since taken remedial action, this does not excuse the fact that vulnerable children and their families should never have been put in this situation," he said.

Under the Data Protection Act, organisations in control of personal data are required to take "appropriate technical and organisational measures" to prevent "unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data". The Act requires extra care around the handling of sensitive personal data, such as information relating to individuals' "physical or mental health or condition". Under the Act the ICO has the power to issue fines of up to £500,000 for serious breaches of personal data.

Copyright © 2012, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

The Essential Guide to IT Transformation

More from The Register

next story
Just TWO climate committee MPs contradict IPCC: The two with SCIENCE degrees
'Greenhouse effect is real, but as for the rest of it ...'
'Blow it up': Plods pop round for chat with Commonwealth Games tweeter
You'd better not be talking about the council's housing plans
Arrr: Freetard-bothering Digital Economy Act tied up, thrown in the hold
Ministry of Fun confirms: Yes, we're busy doing nothing
Help yourself to anyone's photos FOR FREE, suggests UK.gov
Copyright law reforms will keep m'learned friends busy
Apple smacked with privacy sueball over Location Services
Class action launched on behalf of 100 million iPhone owners
Adam Afriyie MP: Smart meters are NOT so smart
Mega-costly gas 'n' 'leccy totting-up tech not worth it - Tory MP
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.