recent work

Another Council breaches the Data Protection Act

The Information Commissioner (ICO) has today confirmed that Kersten England, Chief Executive of the City of York Council, has signed an undertaking to ensure that new procedures are put in place to prevent documentation containing any form of personal data from being printed where there is no business need to do so, following an accidental data breach.

Personal data was disclosed to a third party after a mix-up occurred in printing. City of York Council reported this breach on 10th February this year. The disclosed information was forwarded to the third party when printed documents were collected from a communal printer tray and then posted out; the private information was mixed up within them. This private information had been printed by another member of staff, and no checks were made to ensure the correct documents were posted to the correct intended recipients.

City of York Council has been found to have robust procedures and policies in place regarding personal data and the handling of it, however management supervision, personal ownership and quality control lacked.

Acting Head of Enforcement, Sally-anne Poole said:
“This case highlights the need for employees to take responsibility and ownership of tasks that involve handling personal data. If the documents had not been left unattended by the printer and had been carefully checked before they were sent out then this situation could easily have been avoided. We are pleased that the City of York Council has introduced new security measures governing the use of its printers”.

The council will also bring in new quality control checks on all the information they handle prior to distribution, as well as extending their clear desk policy to include printer trays, post trays and other pending work trays.

To read the undertaking in full, go to http://www.ico.gov.uk/what_we_cover/promoting_data_privacy/taking_action.aspx#undertakings now.