
Somerset County Council in data breach.

The Information Commissioner’s Office has confirmed that Somerset County Council has breached the Data Protection Act.

The breach was reported in February 2011, just after the incident took place – when a social service assessment about a local teenager was sent to the wrong family. The assessment included information about the teenager’s behavioural and medical history and background, and was passed to the wrong family during assessment of a similar case.

The ICO has confirmed that there were failings in the way the Council handled the incident; the recipients were initially told to throw the document away, and were later told not to do that, but to await its collection by a council employee.

Acting Head of Enforcement, Sally-Anne Poole, said:

“The information collected by social services departments is often extremely sensitive. Local authorities should make sure they have adequate measures in place to keep this information secure, especially where there is the potential for human error. Even though the information was returned to the council the damage had already been done and will have caused considerable embarrassment to those affected.

“I am pleased that Somerset County Council has taken action to ensure that any future documents containing personal data are checked prior to release and that staff will receive appropriate training on their legal obligations to keep personal information secure.”

Sheila Wheeler, Chief Executive of Somerset County Council, has now signed an undertaking to ensure that staff will be made aware of the Council’s policies and procedures for the storage, use and disclosure of personal data and receive appropriate training on how to follow them. The Council will also introduce quality control checks to be made before the release of any documents containing personal data.

To read the official press release, go to www.ico.gov.uk/~/media/documents/pressreleases/2011/somerset_council_news_release_20110513.ashx now.

A full copy of the undertaking can be viewed here:

http://www.ico.gov.uk/what_we_cover/promoting_data_privacy/taking_action.aspx#undertakings

Comment
Absolute Data works with many organisations to reduce or eliminate the risk to the personal information that they hold about individuals. The “softer side” of privacy risk management, such as staff training and documented procedures, is often overlooked, as in the case of Somerset County Council.

Absolute Data can take any hassle away from an organisation, and hold training and seminars, document information, and carry out regular checks and reviews on an organisation’s behalf. For further information, please contact us now at info@absolute-data.co.uk.