Share

Top 5 Stories

News

ICO fines council £90,000 for data breaches involving young children

06 June 2012

The UK Information Commissioner’s Office (ICO) has fined Telford and Wrenkin Council £90,000 for disclosing confidential and sensitive data on young children.

The £90,000 fine was issued for two data breaches that occurred within months of each other, ICO explained in a statement.

The first breach occurred on March 31, 2011, when a member of the council staff working in Safeguarding Services sent the Social Care Core Assessment of one child to a sibling rather than to the child’s mother, who lived at the same address. The assessment included sensitive details of the child’s behavior and the name and address, date of birth, and ethnicity of another young child who had made a serious allegation against one of the other children, ICO said.

The second breach occurred when the names and addresses of foster care placements of two young children were included in their Placement Information Record (PIR), which was shown to the children’s mother who was able to observe the foster care address. In response to the breach, the council moved the children to an alternative foster care placement to minimize the effects on them.

Both breaches resulted from problems with staff training and the Protocol information system used by the council.

For the first breach, the council found that “the Protocol system was set up so that the details of individuals were printed automatically on the assessment, although a user could tick a box to ensure that the details weren’t printed. There was also no process in place to check the documents before they were posted out”, ICO related.

For the second breach, the council found that the “default setting on the Protocol system was to include the foster carer’s details in the PIR, and there was no process in place to check the PIR after it was printed”, ICO added.

The council has agreed to provide staff with training and support on data protection and information security as well as on the use of the Protocol system. The council is also introducing formal guidance on checking documents printed off the Protocol system and making changes to its configuration. 

This article is featured in:
Data Loss  •  Public Sector  •  Security Training and Education

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×