Feeds

Scots council cops £100K fine for spaffing vulnerable kids' data ONLINE

Aberdeen staffer uploaded children's files to public website

Protecting against web application threats using SSL

UK data privacy watchdogs have fined Aberdeen City Council £100,000 after a council employee published vulnerable children's details online.

The sensitive social services information was released after a council worker accessed documents, including meeting minutes and detailed reports, from her home computer. A file-transfer program installed on the machine automatically uploaded the documents to a website, publishing sensitive information about several vulnerable children and their families, including details of alleged criminal offences.

The files were uploaded between 8 and 14 November 2011 and remained available online until 15 February 2012 when another member of staff spotted the documents after carrying out an online search linked to their own name and job title. The documents were removed before the incident was reported to data watchdogs at the Information Commissioner's Office (ICO).

The ICO's investigation found that the council had no relevant home-working policy in place for staff. The local authority also erred in a lack of technology safeguards to restrict the downloading of sensitive information from the council's network.

Ken Macdonald, assistant commissioner for Scotland at the ICO, said: "As more people take the opportunity to work from home, organisations must have adequate measures in place to make sure the personal information being accessed by home workers continues to be kept secure.

"In this case Aberdeen City Council failed to monitor how personal information was being used and had no guidance to help home workers look after the information. On a wider level, the council also had no checks in place to see whether the council’s existing data protection guidance was being followed. The result was a serious data breach that left the sensitive information of a vulnerable young child freely available online for three months."

Macdonald expressed the wish that the case would act as a wake-up call for other social work departments to improve their data protection practices. Aberdeen City Council has agreed to undertake an audit that will evaluate how it can improve its compliance with the Data Protection Act.

Only four of the penalties imposed by the ICO in the year to April 2013 fell on private sector firms, with the public sector copping fines of £2.09m out of a total of £2.61m. Take away the £250k fine against Sony over the 2011 breach of the PlayStation Network and the figures are even more slanted.

The most-penalised organisations by the ICO in the last financial year were local councils (accounting for eight penalties) and the NHS (accounting for six). NHS trusts alone were hit by fines of £945,000 while local council were stung for £845,000.

The fine against Aberdeen is further evidence that there's a poor data security culture in local government that appears to be deeply ingrained. ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.