On May 15, ICO levied the fine against the London Borough of Barnet for the loss of highly sensitive paper records that included the names, addresses, dates of birth, and details of the sexual activities of 15 vulnerable youth.
The breach occurred when the home of a social worker employed by the council was burglarized in April 2011 and a laptop bag containing the records and an encrypted computer were stolen. ICO determined that the council had violated the Data Protection Act by failing to take appropriate measures to protect the personal data on the paper records.
The penalty comes after the council signed an undertaking in June 2010 following an earlier incident during which an unencrypted device containing personal data was stolen from another employee’s home, ICO explained. While the council later introduced a paper handling policy following the undertaking, this policy was not in place at the time of the second loss, it added.
The council said it was “very disappointed that the commissioner has fined the council in this instance. This data loss was the result of a criminal act where a member of staff had their house broken into and material that was under lock and key was stolen”, a council spokesman told Publicservice.co.uk.
“The ICO also accepts that it was appropriate for the member of staff to have this material at home for this period. There is no evidence that the material taken has been misused in any way”, the spokesman added.