Feeds

Scots council cops £100K fine for spaffing vulnerable kids' data ONLINE

Aberdeen staffer uploaded children's files to public website

Secure remote control for conventional and virtual desktops

UK data privacy watchdogs have fined Aberdeen City Council £100,000 after a council employee published vulnerable children's details online.

The sensitive social services information was released after a council worker accessed documents, including meeting minutes and detailed reports, from her home computer. A file-transfer program installed on the machine automatically uploaded the documents to a website, publishing sensitive information about several vulnerable children and their families, including details of alleged criminal offences.

The files were uploaded between 8 and 14 November 2011 and remained available online until 15 February 2012 when another member of staff spotted the documents after carrying out an online search linked to their own name and job title. The documents were removed before the incident was reported to data watchdogs at the Information Commissioner's Office (ICO).

The ICO's investigation found that the council had no relevant home-working policy in place for staff. The local authority also erred in a lack of technology safeguards to restrict the downloading of sensitive information from the council's network.

Ken Macdonald, assistant commissioner for Scotland at the ICO, said: "As more people take the opportunity to work from home, organisations must have adequate measures in place to make sure the personal information being accessed by home workers continues to be kept secure.

"In this case Aberdeen City Council failed to monitor how personal information was being used and had no guidance to help home workers look after the information. On a wider level, the council also had no checks in place to see whether the council’s existing data protection guidance was being followed. The result was a serious data breach that left the sensitive information of a vulnerable young child freely available online for three months."

Macdonald expressed the wish that the case would act as a wake-up call for other social work departments to improve their data protection practices. Aberdeen City Council has agreed to undertake an audit that will evaluate how it can improve its compliance with the Data Protection Act.

Only four of the penalties imposed by the ICO in the year to April 2013 fell on private sector firms, with the public sector copping fines of £2.09m out of a total of £2.61m. Take away the £250k fine against Sony over the 2011 breach of the PlayStation Network and the figures are even more slanted.

The most-penalised organisations by the ICO in the last financial year were local councils (accounting for eight penalties) and the NHS (accounting for six). NHS trusts alone were hit by fines of £945,000 while local council were stung for £845,000.

The fine against Aberdeen is further evidence that there's a poor data security culture in local government that appears to be deeply ingrained. ®

New hybrid storage solutions

More from The Register

next story
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Reddit wipes clean leaked celeb nudie pics, tells users to zip it
Now we've had all THAT TRAFFIC, we 'deplore' this theft
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
TorrentLocker unpicked: Crypto coding shocker defeats extortionists
Lousy XOR opens door into which victims can shove a foot
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.