WiredGov Newswire (news from other organisations)
Printable version E-mail this to a friend

ICO - Sensitive information stolen from council worker’s unlocked bag

North Lanarkshire Council breached the Data Protection Act after the theft of a home support worker’s bag containing papers which included sensitive personal information, the Information Commissioner’s Office (ICO) said today.

The council alerted the ICO to the data breach shortly after the theft in October 2010. The bag - which was not locked - contained the worker’s visiting schedule for the next two days. The schedule included information relating to the mental or physical health of six vulnerable adults who were being supported by the council’s Housing and Social Work Services department.

The ICO’s enquiries found that the guidance provided by the council to its home support workers on the storage and disposal of personal information outside of the office, was inadequate.

Assistant Commissioner for Scotland, Ken Macdonald said:

"Organisations have a responsibility to make sure that any personal information used by their workers outside of the office remains secure. It is never acceptable for papers containing sensitive personal information to be left in an unlocked bag without necessary precautions. The council’s

guidance on the handling of this type of information was inadequate and failed to advise staff on the best means of keeping information safe.

"We are pleased that North Lanarkshire Council has taken action to ensure that its service users’ personal information will be better protected in the future."

Gavin Whitefield, Chief Executive of North Lanarkshire Council, has now signed an undertaking to ensure that the council has adequate policies and procedures on the storage, use and disposal of hard copy personal information in place.

A full copy of the undertaking can be viewed here:


If you need more information, please contact the ICO press office on

0303 123 9070 or visit the website at: www.ico.gov.uk.

Notes to Editors

The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

The ICO regulates the Data Protection Act 1998, the Freedom of Information Act 2000, the Privacy and Electronic Communications Regulations 2003 and the Environmental Information Regulations 2004. In Scotland, freedom of information is a devolved matter and Scottish public authorities are subject to the Freedom of Information (Scotland) Act 2002 which is regulated by the Office of the Scottish Information Commissioner in St Andrews.

The ICO is on Twitter, Facebook and LinkedIn, and produces a monthly e-newsletter. Our For the media page provides more information for journalists.

Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is:

-  Fairly and lawfully processed

-  Processed for limited purposes

-  Adequate, relevant and not excessive

-  Accurate and up to date

-  Not kept for longer than is necessary

-  Processed in line with your rights

-  Secure

-  Not transferred to other countries without adequate protection