WiredGov Newswire (news from other organisations)
Printable version E-mail this to a friend

ICO - Leicestershire County Council in data breach

Leicestershire County Council have breached the Data Protection Act (DPA), following the theft of a briefcase containing sensitive personal data from a social worker’s home, the Information Commissioner’s Office (ICO) said recently.

The ICO was informed by the Council in May 2011 that a briefcase, containing documents to be used for initiating court proceedings, had been stolen from a social worker’s house during a burglary. These contained the sensitive personal data of 18 individuals which outlined details of neglect and requested the removal of the children from their parents’ care.

The social worker had asked for permission to take the reports home in order to continue work on them, and this was authorised by the relevant manager, in accordance with the Council’s procedures.

At the time of the incident, the employee’s manager had received the relevant training, but the social worker had not. The authority had a policy in place but this didn’t relate to the handling of paper documents while working from home.

Stephen Eckersley, the ICO’s Head of Enforcement said:

“Local authorities must recognise that social workers are handling some of the most sensitive information available. The fact that this information often relates to vulnerable young children means it is all the more important for these organisations to provide staff with adequate training and guidance on how to keep this information secure.

“While Leicestershire County Council already recognised the risks associated with home working and had produced guidance for their staff, the guidance did not explain how papers containing personal information should be kept secure.

“We are pleased that the Council have now committed to taking action to protect the personal information they handle and will extend its training programme to cover all staff who are regularly required to take this information outside of the office.”

Leicestershire County Council have committed to amending their existing policies to include detailed guidance relating to the security of paper documents while working from home, training staff on these amended policies, putting appropriate monitoring in place to ensure compliance, and implementing other security measures to ensure personal data is protected.

View the Leicestershire County Council undertaking
View all the ICO's data protection undertakings

Notes to Editors

1. The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

2. The ICO has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.

3. The ICO is on Twitter, Facebook and LinkedIn, and produces a monthly e-newsletter. Our Press Office page provides more information for journalists.

4. Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is:

  • Fairly and lawfully processed
  • Processed for limited purposes
  • Adequate, relevant and not excessive
  • Accurate and up to date
  • Not kept for longer than is necessary
  • Processed in line with your rights
  • Secure
  • Not transferred to other countries without adequate protection
5. If you need more information, please contact the ICO press office on 0303 123 9070 or visit the website at www.ico.gov.uk

You Cant EffectivelyManage What You Cant Effectively See or Control