recent work

Formal Undertaking signed by London Borough of Greenwich

The Information Commissioner’s Office (ICO) has enforced the London Borough of Greenwich to sign a formal undertaking after two incidents resulted in breaches of the Data Protection Act.

Personal and sensitive data was disclosed after data wasn’t adequately encrypted, and data was sent to by email to the wrong external email address. The data, which was both personal and sensitive, included medical and family history as well as criminal conviction information.

It has been confirmed that human error was the cause for both incidents, although the Council’s policies and procedures in place did not “explicitly state that the sending of emails containing sensitive personal data to external webmail addresses should be avoided”.

Comment
This breach brings about an interesting point: the policies and procedures in place were not effective in the first place – but also that the policy itself did not comply with the 7th Data Protection Principle.

Here at Absolute Data we can help your organisation create robust and effective data protection policies and procedures: we can spend some time getting to know what data-related activity your business partakes in, and ensure that your policies and procedures reflect this activity. We can also help to train your staff; not only in the importance of data protection, but how they can ensure they are fully adhering to data protection law. With the ICO’s power to fine up to £500,000 for data breaches, it is worth getting in touch with us to discuss how your organisation can ensure legal data compliance. Contact us now at info@absolute-data.co.uk, or call us on 01423 790125.