Tuesday 15 Apr 2014 @ 13:10
Information Commissioner's Office
Printable version

Sensitive social services records lost after being left on family’s doorstep

An investigation by the Information Commissioner’s Office (ICO) has ruled that a council in Berkshire breached the Data Protection Act after sensitive social services records relating to the care of a young child were lost 

The information had been requested by a family member who made a subject access request for their information to Wokingham Borough Council. The response included details of the requester and their child’s involvement with the council’s social services department, including allegations of neglect and abuse carried out by the requester’s ex-partner. 
 
The information was lost after the delivery driver left the documents outside the requester’s home in August 2013. The driver had not been told about the sensitivity of the information included in the delivery and had not been informed that the delivery required a signature, or returning to the council if no one was available to sign for the package. The council had also failed to arrange a suitable delivery time with the requester.

ICO Head of Enforcement, Stephen Eckersley, said:

“No one expects to have sensitive information about the care of their child left on the doorstep for anyone to stumble across. However, a series of errors by the council has led to a situation where a social service record containing damaging allegations of abuse suffered by the child, has been delivered with no consideration given to its content.

“This is not good enough and Wokingham Borough Council has nowagreed to take action to make sure future deliveries containing sensitive personal information are carried out securely. They must also make sure their staff receive regular training so they can follow the council’s updated processes.” 

Notes to Editors

1. The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

2. The ICO has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.

3. The ICO is on TwitterFacebook and LinkedIn, and produces a monthly e-newsletter.

4. Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is:

  • Fairly and lawfully processed
  • Processed for limited purposes
  • Adequate, relevant and not excessive
  • Accurate and up to date
  • Not kept for longer than is necessary
  • Processed in line with your rights
  • Secure
  • Not transferred to other countries without adequate protection

5. If you need more information, please contact the ICO press office on 0303 123 9070.

Channel website: https://ico.org.uk/

Share this article

Latest News from
Information Commissioner's Office

Automated decisions can streamline the hiring process – with the right safeguards in place

01/04/2026 09:10:00

We are calling on businesses to review their use of automated decisions in the recruitment process to ensure the right protections are in place.  

 

Birmingham-based pendant alarm company fined £100,000 for making unsolicited marketing calls

27/03/2026 12:10:00

We have fined a Birmingham-based company £100,000 for making over 260,000 unsolicited marketing sales calls to numbers registered on the Telephone Preference Service (TPS), in a clear breach of law.

Joint statement from ICO and Ofcom on age assurance

26/03/2026 16:20:00

We have published a joint statement with Ofcom about the main areas of interaction between online safety and data protection as they relate to age assurance.

Open letter issued to tech firms to strengthen age checks and protect children’s data

12/03/2026 17:10:00

We have today published an open letter to social media and video‑sharing platforms operating in the UK, calling on them to strengthen age assurance measures so young children can’t access services that are not designed for them. 

Police Scotland fined £66k and reprimanded following serious data mishandling

12/03/2026 15:10:00

We have issued a £66,000 fine and a reprimand to Police Scotland for serious failures in the handling of sensitive personal information. 

Reddit issued with £14.47m fine for children’s privacy failures

24/02/2026 12:25:00

We have fined Reddit £14.47m after finding the company failed to use children’s personal information lawfully.

International Data Protection Authorities issue joint statement on privacy risks of AI-generated imagery

24/02/2026 09:10:00

Data protection authorities from across the globe have today published a Joint Statement on AI-Generated Imagery. 

ICO wins Court of Appeal case in DSG Retail ruling

20/02/2026 16:05:00

We welcome the Court of Appeal’s (CoA) ruling that we have succeeded in our appeal against the decision of the Upper Tribunal on DSG Retail Limited (DSG). 

Update: Further convictions in UK’s largest nuisance call investigation

18/02/2026 16:15:00

We are pleased to announce that two further individuals have been convicted following our extensive investigation into the unlawful accessing and sale of personal information obtained from over 400 garages across the UK, as well as claims management and insurance companies.