City of York falls foul of data protection act following printer mix-up

The personal information was sent out with other documentation to the wrong person after being mistakenly collected from a shared printer and mailed without being checked.

Sally-anne Poole, acting head of enforcement at the ICO, said: "This case highlights the need for employees to take responsibility and ownership of tasks that involve handling personal data. If the documents had not been left unattended by the printer and had been carefully checked before they were sent out then this situation could easily have been avoided."

The City of York Council has introduced new security measures governing the use of its printers, with staff now required to carry out appropriate quality control checks to avoid information being incorrectly disclosed.

Kersten England, CEO of the City of York Council, has signed an undertaking to ensure that new procedures are put in place to prevent documentation containing any form of personal data from being printed where there is no business need to do so.

The council will also bring in new quality control checks on all the information it handles prior to distribution, as well as extending its clear desk policy to include printer trays, post trays and other pending work trays. The council has agreed that all of the measures outlined in the undertaking will be in place within the next four months.

This story was first published by Computer Weekly

What’s hot on Infosecurity Magazine?