15.04.14
Data breaches at Wirral and Wokingham councils – ICO
The Information Commissioner’s Office (ICO) has ruled that two local authorities in England have breached the Data Protection Act (DPA) after mishandling sensitive social services records.
Wokingham Borough Council in Berkshire lost documents that related to the care of a young child. The information, which included details of the requester and their child’s involvement with the council’s social services department, including allegations of neglect and abuse carried out by the requester’s ex-partner, went missing after the delivery driver left the documents outside the requester’s home in August 2013.
Stephen Eckersley, ICO head of enforcement, said: “No one expects to have sensitive information about the care of their child left on the doorstep for anyone to stumble across. However, a series of errors by the council has led to a situation where a social service record containing damaging allegations of abuse suffered by the child, has been delivered with no consideration given to its content.”
He added that Wokingham council has now agreed to take action to make sure future deliveries containing sensitive personal information are carried out securely.
PSE has requested comment from the council.
Wirral Borough Council in Merseyside breached the DPA by sending out personal information to the wrong address on two occasions.
The information was disclosed by the local authority in February and April 2013. The records included sensitive personal details relating to two families living in the borough and in one case included details of a criminal offence committed by one of the family members.
Eckersley said: “While human error was a factor in each of these cases, the council should have done more to keep the information secure. Social workers routinely handle sensitive information and Wirral Borough Council failed to ensure their staff received adequate training on how to keep people’s information secure.”
Wirral has made a formal undertaking to the ICO to improve data protection practices following these two breaches. The local authority did state, however, that the information was retrieved as soon as the mistakes were discovered, and the incident was reported by the Council to the ICO in spring 2013, in accordance with procedures.
Joe Blott, Wirral’s strategic director of transformation and resources, said: “We take these matters very seriously. As soon as we discovered the errors, we self-referred to the ICO and took immediate steps to discover what went wrong, and make sure we do what is necessary to ensure it doesn’t happen again.
“We have taken on board the ICO’s concerns, and have improved our data protection compliance. This has included training for staff with access to confidential and sensitive data, and a re-iteration of how we can and should endeavour to keep confidential information safe.”
Tell us what you think – have your say below or email [email protected]