recent work

Sensitive and Personal information relating to children found in second hand furniture shop

The Scottish Children’s Reporter Administration (SCRA) has breached the Data Protection Act twice in four months; once after an office refurbishment resulted in nine case files finding their way into the wrong hands via a resold filing cabinet and again, after sensitive data was emailed to the wrong address.

Both breaches occurred after the SCRA failed to ensure its staff adhered to data protection policies and procedures and IT guidance, which are areas of great importance when risk of fines for breaches is so high, at £500,000.

Ken Macdonald, Assistant Commissioner for Scotland said:

“The fact that sensitive information was mishandled not once but twice by the same organisation is concerning. On both occasions the personal data which was compromised related to young children and was caused by human errors that could easily have been avoided. Luckily, on both occasions, the information was not circulated widely.”

Neil Hunter, Chief Executive of SCRA has put in place measures to ensure errors of this nature do not happen again. He has also vowed during office moves that staff will also be made aware of other existing policies and procedures and monitored to check that they are being followed throughout the moving process.

Comment
Absolute Data is committed to ensuring companies and organisations, regardless of their size, create and follow realistic policies and procedures that are above the law. We can help your organisation create robust and effective data protection policies and procedures: we can spend some time getting to know what data-related activity your business partakes in, and ensure that your policies and procedures reflect this activity. We can also help to train your staff; not only in the importance of data protection, but how they can ensure they are fully adhering to data protection law. With the ICO’s power to fine up to £500,000 for data breaches, it is worth getting in touch with us to discuss how your organisation can ensure legal data compliance. Contact us now at info@absolute-data.co.uk, or call us on 01423 790125.