Information Commissioner's Office
Isle of Scilly Council ordered to review procedures following data incidents
The Information Commissioner’s Office (ICO) has ordered the Council of the Isle of Scilly to implement new data protection policies and training after two data breaches involving the disclosure of personal data.
The first breach occurred in June 2013 when an attachment inadvertently included in an email revealed personal data related to a disciplinary hearing.
A further incident occurred in September 2013 involving two documents containing sensitive personal data, ending up in public circulation. Poor data sharing, including staff using personal email accounts and paper documents not being properly redacted meant details of an investigation into the conduct of a former head teacher were disclosed publicly.
ICO Head of Enforcement, Stephen Eckersley, said:
“Personal data must be handled securely and safely. The council has failed to do so and must now make immediate changes.
“The people of the Isles of Scilly need to be confident their council understands and complies with the law. Our undertaking will help ensure they do so.”
The council has agreed to implement mandatory data protection training, with refresher training to be updated regularly. They must also draft appropriate guidance on the safe transfer of personal data by email and consider the use of encryption. The council must also draft a redaction policy.
Notes to Editors
1. The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
2. The ICO has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.
4. Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is:
- Fairly and lawfully processed
- Processed for limited purposes
- Adequate, relevant and not excessive
- Accurate and up to date
- Not kept for longer than is necessary
- Processed in line with your rights
- Not transferred to other countries without adequate protection
5. If you need more information, please contact the ICO press office on 0303 123 9070
Latest News from
Information Commissioner's Office
How modern data protection is helping to unlock the power of data13/05/2021 12:25:00
Elizabeth Denham’s keynote speech on the regulator’s view, delivered at the Data and the Future of Financial Services 2021 conference.
ICO and Office of the Privacy Commissioner, New Zealand, sign Memorandum of Understanding12/05/2021 15:15:00
The Information Commissioner’s Office (ICO) and the New Zealand Office of the Privacy Commissioner (OPC) have today signed a Memorandum of Understanding (MOU).
Blog: Work on updating the ICO’s Journalism code continues10/05/2021 09:10:00
Blog posted by: Anulka Clarke, Acting Director of Regulatory Assurance, 07 May 2021.
Five things we learned from DPPC 202107/05/2021 15:20:00
The ICO’s Data Protection Practitioners’ Conference 2021 was held this week, bringing together more than 3,000 data protection professionals from across the country.
Data Protection Practitioners’ Conference 202105/05/2021 14:15:00
Elizabeth Denham’s speech at the Data Protection Practitioners’ Conference on 5 May 2021
Digital Regulatory Cooperation Forum’s response to DCMS on the future of the digital regulatory landscape05/05/2021 12:05:00
The Digital Regulatory Cooperation Forum (DRCF) has submitted its response to the Department of Digital, Culture, Media and Sport (DCMS) on the future of the digital regulatory landscape and how to achieve coherence in regulatory approaches across digital services.
Blog: Free advisory check-ups help small businesses make the best use of their data30/04/2021 16:25:00
A blog from Syed Ali, Lead Engagement and Regulatory Assurance Officer
Data protection is an enabler for trust and confidence in the implementation of digital identity systems23/04/2021 12:25:00
Blog posted by: Steve Wood, Deputy Commissioner (Executive Director, Regulatory Strategy), 22 April 2021.
How the ICO Innovation Hub is enabling innovation and economic growth through cross-regulatory collaboration21/04/2021 14:20:00
The COVID-19 pandemic has changed work for so many of us around the world; forcing innovation and new ways of working. And that’s just as true for regulators – we’ve had to adapt to develop new ways to support organisations.