Feeds

Scots council cops £100K fine for spaffing vulnerable kids' data ONLINE

Aberdeen staffer uploaded children's files to public website

High performance access to file storage

UK data privacy watchdogs have fined Aberdeen City Council £100,000 after a council employee published vulnerable children's details online.

The sensitive social services information was released after a council worker accessed documents, including meeting minutes and detailed reports, from her home computer. A file-transfer program installed on the machine automatically uploaded the documents to a website, publishing sensitive information about several vulnerable children and their families, including details of alleged criminal offences.

The files were uploaded between 8 and 14 November 2011 and remained available online until 15 February 2012 when another member of staff spotted the documents after carrying out an online search linked to their own name and job title. The documents were removed before the incident was reported to data watchdogs at the Information Commissioner's Office (ICO).

The ICO's investigation found that the council had no relevant home-working policy in place for staff. The local authority also erred in a lack of technology safeguards to restrict the downloading of sensitive information from the council's network.

Ken Macdonald, assistant commissioner for Scotland at the ICO, said: "As more people take the opportunity to work from home, organisations must have adequate measures in place to make sure the personal information being accessed by home workers continues to be kept secure.

"In this case Aberdeen City Council failed to monitor how personal information was being used and had no guidance to help home workers look after the information. On a wider level, the council also had no checks in place to see whether the council’s existing data protection guidance was being followed. The result was a serious data breach that left the sensitive information of a vulnerable young child freely available online for three months."

Macdonald expressed the wish that the case would act as a wake-up call for other social work departments to improve their data protection practices. Aberdeen City Council has agreed to undertake an audit that will evaluate how it can improve its compliance with the Data Protection Act.

Only four of the penalties imposed by the ICO in the year to April 2013 fell on private sector firms, with the public sector copping fines of £2.09m out of a total of £2.61m. Take away the £250k fine against Sony over the 2011 breach of the PlayStation Network and the figures are even more slanted.

The most-penalised organisations by the ICO in the last financial year were local councils (accounting for eight penalties) and the NHS (accounting for six). NHS trusts alone were hit by fines of £945,000 while local council were stung for £845,000.

The fine against Aberdeen is further evidence that there's a poor data security culture in local government that appears to be deeply ingrained. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Bad PUPPY: Undead Windows XP deposits fresh scamware on lawn
Installing random interwebs shiz will bork your zombie box
Experian subsidiary faces MEGA-PROBE for 'selling consumer data to fraudster'
US attorneys general roll up sleeves, snap on gloves
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.