Charity accused of leaving sensitive notes behind after office move
Yep, it's another case of the unchecked filing cabinet
Updated A counselling charity has been accused of breaching Blighty's data protection law after confidential files were discovered in an old office building.
The UK's data protection watchdog has confirmed it is investigating the suspected blunder, in which sensitive case histories relating to child sexual exploitation and drug addiction were reportedly left in a filing cabinet.
According to the Manchester Evening News, the building's landlord discovered the cabinet after the charity Change, Grow, Live (CGL) – which is contracted to provide alcohol and drug services for Tameside Council – vacated the office.
The building's owner, Peter Saunders, told the paper that inside the unlocked cabinet "there must have been 150 or 200 files with names, addresses, criminal records, details of abuse, addiction" and that some of these dated back up to 10 years.
He also reported finding handwritten notes about teenage clients undergoing counselling on the walls of the office, as well as confidential post that should have been redirected.
This isn't the first time that poor memories of what's in office furniture has left organisations facing fines and public outcry.
It's also scuppered bigger organisations than the ones in this case. Last month it was revealed that the Australian government sent a filing cabinet containing records from five successive governments to a second-hand shop.
In the UK, the ICO has the power to hand down fines of up to £500,000 for such breaches.
In March last year, it fined Norfolk County Council £60,000 after its children's social work team sent a cabinet to a second-hand shop.
The watchdog said it was "aware of an issue relating to the discovery of documents in Tameside, Greater Manchester, and will be making further enquiries" and stressed that organisations have a "legal duty" to store sensitive personal data securely.
But in this case, the charity and local authority seem to have failed to do so in more ways than one, by allegedly declining the opportunity to pick up the docs.
According to the Evening News, Saunders claimed that neither the charity nor the council helped him when he raised the alarm, which he said prompted him to go to the newspaper.
It reported that both have now been in touch with Saunders claiming ownership, but he plans to keep the files secure until the ICO has advised him on the next steps.
Kevin Crowley, executive director of CGL, claimed that it had "operated a paperless system" at the offices and was "urgently seeking access to Katherine Cavendish Premises to investigate the nature and extent of any sensitive historical information that remains on site".
CGL had moved to the premises in June last year after taking over the council contract from another charity Lifeline, but vacated them in November because it was unable to agree to the proposed rental terms.
"Change, grow, live has thorough policies and procedures in place to keep sensitive information secure and, where warranted, we will not hesitate to take immediate steps to tighten our procedures if these have been found wanting," he added.
Tameside Council did not immediately respond to The Register's requests for comment, although the council told the Evening News that it took "any potential breach of the security of confidential information very seriously" and had reported the incident to the ICO. ®
Updated to add
A Tameside Council spokesperson has been in touch to say that both it and CGL have since visited the premises to collect the data.
"The data has been removed from the premises and is being stored securely by Tameside Council.
"We take any potential breach of the security of confidential information very seriously."
Sponsored: Becoming a Pragmatic Security Leader