Plymouth City Council is criticised over data protection
THE Information Commissioner's Office (ICO) has criticised councils' attitude towards protecting personal data, after local authorities – including Plymouth City Council – were fined for revealing private information.
Plymouth City Council was served a monetary penalty of £60,000, Devon County Council £90,000 and Leeds City Council £95,000 after separate incidents saw details of child care cases sent to the wrong recipients
The penalties mean that 19 local councils have now received monetary penalties for breaching the Data Protection Act, totalling £1,885,000.
The breach at Plymouth City Council saw information passed to the wrong recipient, including highly sensitive personal information about two parents and four children.
Business Cards From Only £10.95 Delivered www.myprint-247.co.ukView details
Our heavyweight cards have FREE UV silk coating, FREE next day delivery & VAT included. Choose from 1000's of pre-designed templates or upload your own artwork. Orders dispatched within 24hrs.
Terms: Visit our site for more products: Business Cards, Compliment Slips, Letterheads, Leaflets, Postcards, Posters & much more. All items are free next day delivery. www.myprint-247.co.uk
Contact: 01858 468192
Valid until: Friday, May 31 2013
The breach occurred when two reports about separate child neglect cases were sent to the same shared printer. Three pages from the first report were mistakenly collected with the papers from the second case, and so were handed to the wrong family.
In Devon, a social worker used a previous case as a template for an adoption panel report they were writing, but a copy of the old report was sent out instead of the new one. The mistake revealed personal data of 22 people, including details of alleged criminal offences and mental and physical health.
Information Commissioner Christopher Graham said: "It would be far too easy to consider these breaches as simple human error. The reality is that they are caused by councils treating sensitive personal data in the same routine way they would deal with more general correspondence. Far too often in these cases, the councils do not appear to have acknowledged that the data they are handling is about real people, and often the more vulnerable members of society."
"There is clearly an underlying problem with data protection in local government and we will be meeting with stakeholders from across the sector to discuss how we can support them in addressing these problems."
The ICO is pressing the Ministry of Justice for stronger powers to audit local councils' data protection compliance. The same powers are sought for NHS bodies across the UK following a series of data protection breaches in the health sector.
A Plymouth City Council spokeswoman said: "The breach occurred a year ago because three pages of information were collected from a printer in error together with another document. It was given to a client in an envelope by a social worker. It was later reported by the client and immediate action was taken to manage the situation.
"In line with guidance, the incident was reported to the Information Commissioner's Office. The three pages were quickly recovered and destroyed, both clients were spoken with about the incident and our sincerest apologies were offered.
"Practical steps to prevent a similar situation happening again were taken."
By paying early, the council cut its fine to £48,000.