<h2>Hi</h2>

ICO - Letwin signs commitment to keep personal details secure

16 Nov 2011 12:53 PM

Oliver Letwin must ensure that he keeps personal information secure or face formal enforcement action, the Information Commissioner has said. Christopher Graham yesterday announced that the West Dorset MP’s disposal of constituency paperwork in public bins constituted a breach of the Data Protection Act.

Mr Letwin has signed a written commitment to put changes in place, including ensuring that any documents containing personal data are disposed of in a secure manner. Mr Letwin will also make sure that he complies with the Cabinet Office’s data handling guidance.

Christopher Graham, Information Commissioner, said:

“Constituents entrust their Member of Parliament with all sorts of personal information and should never expect the details of the concerns they’ve raised in confidence to end up in a park bin for anyone to see. It is clear that Mr Letwin has learned from this incident and we’re pleased that he has co-operated fully.

“It is fortunate that most of the information he discarded was not of a particularly sensitive nature and was therefore unlikely to cause substantial distress to his constituents. But if we receive any further reports or complaints about Mr Letwin’s conduct in this area then we will consider taking more formal action. I’m sure this case will also prompt other MPs to review their handling of personal data to ensure they’re doing all they can to keep it secure.”

On 14 October, the Daily Mirror published an article including images of Mr Letwin disposing of constituents’ letters and emails in public bins across St James’ Park. The documents – which were later handed over to the ICO by the newspaper – were then examined to determine what personal information they included.

The ICO has found that the letters and emails contained the names, addresses and contact details of approximately 20 individuals. One email also included a limited amount of information relating to an individual’s recent hospital treatment.

View a full copy of the undertaking
View all the ICO's data protection undertakings

The ICO has produced guidance on the security measures that organisations should have in place when storing personal information electronically.

Notes to Editors

1. The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

2. The ICO has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.

3. Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is:

  • Fairly and lawfully processed
  • Processed for limited purposes
  • Adequate, relevant and not excessive
  • Accurate and up to date
  • Not kept for longer than is necessary
  • Processed in line with your rights
  • Secure
  • Not transferred to other countries without adequate protection

4. The ICO is on Twitter, Facebook and LinkedIn, and produces a monthly e-newsletter. Our For the media page provides more information for journalists.

5. If you need more information, please contact the ICO press office on 0303 123 9070 or ico.gov.uk/press