We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
ICO fines Plymouth City Council £60k for unsecure printing system

ICO fines Plymouth City Council £60k for unsecure printing system

A report containing sensitive details about child neglect was sent to the wrong recipient

Article comments

The Information Commissioner’s Office (ICO) has issued Plymouth City Council a £60,000 fine for a serious breach of the Data Protection Act, after it found that the details of a child neglect case were sent to the wrong recipient.

The report detailed highly sensitive personal information about two parents and four children, including allegations of child neglect.

An ICO investigation found that the council had no secure system in place for printing reports containing sensitive personal data, and had failed to take reasonable steps to ensure reports were checked before they were sent out.

The error happened after a social worker used another social worker’s printer to print the report, which didn’t immediately work. However, the documents were stored on the system for the time being and were picked up at the same time as another report that was printed at a later date by the other social worker.

All these documents were then sent out at the same time to one family who received details about a family that wasn’t related to them.

“It would be too easy to consider this a simple human error. The reality is that this incident happened because not enough care was being taken within the organisation when handling vulnerable people’s sensitive information,” said Stephen Eckersley, Head of Enforcement at the ICO.

“The distress this incident will have caused the people involved is obvious, and the penalty we have issued today reflects that."

The ICO recently fined Scottish Border Council a whopping £250,000 under the Data Protection Act for not putting in appropriate guarantees when it outsourced responsibility to an external company to digitise employees’ pension records.

Some 676 records were deposited by the unnamed company into a recycle bin in a supermarket car park, which contained information on employee salary and bank accounts. The files were spotted by a member of the public, who called the police.

Share:

Comments

Advertisement
Advertisement
Send to a friend

Email this article to a friend or colleague:


PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.


ComputerworldUK Knowledge Vault

ComputerworldUK
Share
x
Open
* *