A series of blunders: Social worker left papers containing sexual abuse allegations in plastic bag on train
Monday 17 December 2012
A social worker left papers containing sexual abuse allegations in a plastic bag on a train in one of a series of blunders that saw fines for data breaches at councils hit £1.9 million.
London Borough of Lewisham was fined £70,000 for the breach, while Plymouth City Council has been hit with a £60,000 penalty for a separate incident, the Information Commissioner's Office (ICO) said.
Elsewhere, Leeds City Council was fined £95,000 and Devon County Council was hit with a £90,000 penalty bringing the total number of councils charged for Data Protection Act breaches to 19.
Information Commissioner Christopher Graham said: "It would be far too easy to consider these breaches as simple human error.
"The reality is that they are caused by councils treating sensitive personal data in the same routine way they would deal with more general correspondence."
In Lewisham, a social worker left sensitive documents in a plastic shopping bag on a train after taking them home to work on.
The files, which were later recovered from the rail company's lost property office, included GP and police reports and allegations of sexual abuse and neglect.
The case in Leeds saw sensitive personal details about a child in care sent to the wrong person, disclosing details of a criminal offence and school attendance.
When sending internal mail, the council re-use envelopes that have been used for external mail - in this case the external address was not crossed out.
The breach at Plymouth City Council saw information passed to the wrong recipient including highly sensitive personal information about two parents and four children.
The breach occurred when two reports about separate child neglect cases were sent to the same shared printer.
And in Devon, a social worker used a previous case as a template for an adoption panel report they were writing, but a copy of the old report was sent out instead of the new one.
The mistake disclosed personal data of 22 people, including details of alleged criminal offences and mental and physical health.
Sir Christopher went on: "Far too often in these cases, the councils do not appear to have acknowledged that the data they are handling is about real people, and often the more vulnerable members of society.
"The distress that these incidents would have caused to the people involved is obvious."
The ICO said it was pressing the Ministry of Justice for stronger powers to audit local councils' data protection compliance, if necessary without consent.
Tom Riordan, chief executive of Leeds City Council, said: "We take our data protection responsibilities seriously and regard any breach as unacceptable.
"We accept the findings of the Information Commissioner and although we have already apologised to the individual affected, we would like to take this opportunity to do so again.
"The incident happened over a year ago and we acted swiftly at the time to recover the data and put robust new systems in place to minimise the risk of this happening again."
Devon County Council said it had started mandatory data protection training for its staff.
It said: "It was a mistake that simply shouldn't have happened, and we've apologised.
"We take our duties regarding data protection extremely seriously and have a good track record in this respect."
A spokeswoman for Plymouth City Council said: "Practical steps to prevent a similar situation happening again were taken, including secure pin printing so that reports are only printed when staff activate the printer with their code, which reduces the risk of papers being mixed up.
"Extra checks before sensitive documents are dispatched from the office are also being devised.
"Children's social care have reinforced to all managers and staff that all employees have personal responsibility for the confidentiality of client information and the security of documents."
A Lewisham Council spokesman said: "We totally accept the findings of the Information Commissioner and very much regret that a member of staff, who is no longer with the council, potentially put confidential information into the public domain.
"Since this breach occurred, we have taken steps to make sure all staff who work with this type of confidential information are fully aware of their responsibilities and the need to comply with council practice and security measures.
"As part of this process, we have provided staff with further training and support."
Germanwings captain Patrick Sondenheimer tried to break into locked cockpit door 'with an axe' as plane was descending
Amanda Knox murder conviction: Italian court overturns verdict for US student and Raffaele Sollecito in the killing of Meredith Kercher
Saudi Arabia says it won't rule out building nuclear weapons
The battle for the Middle East's future begins in Yemen as Saudi Arabia jumps into the abyss
#FreeTheNipple: Women in Iceland bare breasts in solidarity with trolled student
Nigel Farage brands LGBT activists 'filth' and 'scum' and accuses them of scaring away his children after they invade his local pub
Ukip supporters are 55 or older, white and socially conservative, finds British Social Attitudes Report
JK Rowling responds to fan tweeting she 'can't see' Dumbledore being gay
Russia threatens Denmark with nuclear weapons if it tries to join Nato defence shield
Jeremy Clarkson sacked live: Alan Yentob 'wouldn't rule out' ex Top Gear host's BBC return
Germanwings plane crash live: Co-pilot Andreas Lubitz wanted to 'do something people would remember him for'
- 1 Finland schools: Subjects scrapped and replaced with 'topics' as country reforms its education system
- 2 The West has it totally wrong on Lee Kuan Yew
- 3 #FreeTheNipple: Women in Iceland bare breasts in solidarity with trolled student
- 4 Scientists have discovered a simple way to cook rice that dramatically cuts the calories
- 5 Zayn Malik quits One Direction: Hundreds of workers request compassionate leave following band member's exit