A series of blunders: Social worker left papers containing sexual abuse allegations in plastic bag on train
Monday 17 December 2012
A social worker left papers containing sexual abuse allegations in a plastic bag on a train in one of a series of blunders that saw fines for data breaches at councils hit £1.9 million.
London Borough of Lewisham was fined £70,000 for the breach, while Plymouth City Council has been hit with a £60,000 penalty for a separate incident, the Information Commissioner's Office (ICO) said.
Elsewhere, Leeds City Council was fined £95,000 and Devon County Council was hit with a £90,000 penalty bringing the total number of councils charged for Data Protection Act breaches to 19.
Information Commissioner Christopher Graham said: "It would be far too easy to consider these breaches as simple human error.
"The reality is that they are caused by councils treating sensitive personal data in the same routine way they would deal with more general correspondence."
In Lewisham, a social worker left sensitive documents in a plastic shopping bag on a train after taking them home to work on.
The files, which were later recovered from the rail company's lost property office, included GP and police reports and allegations of sexual abuse and neglect.
The case in Leeds saw sensitive personal details about a child in care sent to the wrong person, disclosing details of a criminal offence and school attendance.
When sending internal mail, the council re-use envelopes that have been used for external mail - in this case the external address was not crossed out.
The breach at Plymouth City Council saw information passed to the wrong recipient including highly sensitive personal information about two parents and four children.
The breach occurred when two reports about separate child neglect cases were sent to the same shared printer.
And in Devon, a social worker used a previous case as a template for an adoption panel report they were writing, but a copy of the old report was sent out instead of the new one.
The mistake disclosed personal data of 22 people, including details of alleged criminal offences and mental and physical health.
Sir Christopher went on: "Far too often in these cases, the councils do not appear to have acknowledged that the data they are handling is about real people, and often the more vulnerable members of society.
"The distress that these incidents would have caused to the people involved is obvious."
The ICO said it was pressing the Ministry of Justice for stronger powers to audit local councils' data protection compliance, if necessary without consent.
Tom Riordan, chief executive of Leeds City Council, said: "We take our data protection responsibilities seriously and regard any breach as unacceptable.
"We accept the findings of the Information Commissioner and although we have already apologised to the individual affected, we would like to take this opportunity to do so again.
"The incident happened over a year ago and we acted swiftly at the time to recover the data and put robust new systems in place to minimise the risk of this happening again."
Devon County Council said it had started mandatory data protection training for its staff.
It said: "It was a mistake that simply shouldn't have happened, and we've apologised.
"We take our duties regarding data protection extremely seriously and have a good track record in this respect."
A spokeswoman for Plymouth City Council said: "Practical steps to prevent a similar situation happening again were taken, including secure pin printing so that reports are only printed when staff activate the printer with their code, which reduces the risk of papers being mixed up.
"Extra checks before sensitive documents are dispatched from the office are also being devised.
"Children's social care have reinforced to all managers and staff that all employees have personal responsibility for the confidentiality of client information and the security of documents."
A Lewisham Council spokesman said: "We totally accept the findings of the Information Commissioner and very much regret that a member of staff, who is no longer with the council, potentially put confidential information into the public domain.
"Since this breach occurred, we have taken steps to make sure all staff who work with this type of confidential information are fully aware of their responsibilities and the need to comply with council practice and security measures.
"As part of this process, we have provided staff with further training and support."
Sales of the tablet are set to fall again, say analysts
Met Police confirm there was a 'minor disturbance' and that no-one was arrested
George Lucas criticises the major Hollywood film studios
Does Chris Grayling realise what a vague concept he is dealing with?
Trend which requires crisps, a fork and a strong stomach is sweeping Mexico's streets
Parties threaten resort's image as a family destination
I Am Bread could actually be a challenging and nuanced title
Cameron is warned 'no possibility' of UK reducing immigration and that bid to bring in quota on migrant workers would be illegal
Residents should throw a street party and mix with immigrant neighbours, councils told
London bus driver allegedly kicks gay couple off for kissing
Russell Brand threatened with arrest after filming outside Fox News headquarters
Amal Alamuddin calls for the return of the Elgin Marbles from Britain: 'Injustice has persisted for too long'
Lord Freud: Tory welfare minister apologises after saying disabled people are 'not worth’ the minimum wage
- 1 Indian footballer Peter Biaksangzuala dies after injuring spine doing somersault celebration
- 2 Jack the Ripper: Scientist who claims to have identified notorious killer has 'made serious DNA error'
- 3 Banksy arrest hoax: Internet duped by fake report claiming that the street artist's identity has been revealed
- 4 Drink alcohol and eat meat to improve male fertility - but cut down on coffee, studies suggest
- 5 Brian Harvey turns up at Downing Street and 'demands to speak to Prime Minister'