recent work

First Scottish council fined for breaching the Data Protection Act – this time for £140,000

Midlothian Council has been fined after it disclosed ‘highly sensitive personal data relating to children and their carers’ on five separate occasions.

The incidents occurred between January and June 2011; each time papers and reports were sent to the wrong recipients. Although the first incident happened in January and was investigated in March, it didn’t stop other breaches occurring in May and June.

Assistant information commissioner for Scotland, Ken Macdonald, said: “Information about children’s care, as well as details about their health and wellbeing, is some of the most sensitive information a local authority holds. It is of vital importance that this information is protected and that robust policies are followed before it is disclosed.”

The ICO has confirmed that the conclusions of its investigation were that all five breaches ‘could have been avoided if the council had put adequate data protection policies, training and checks in place’

The ICO is asking the government for stronger powers to audit local councils’ data protection compliance, if necessary without consent.

Comment
DataWise by Absolute Data, is committed to ensuring companies and organisations, regardless of their size, create and follow realistic policies and procedures that are above the law. We can help your organisation create robust and effective data protection policies and procedures: we can spend some time getting to know what data-related activity your business partakes in, and ensure that your policies and procedures reflect this activity. We can also help to train your staff; not only in the importance of data protection, but how they can ensure they are fully adhering to data protection law. DataWise, one of our services, provides clients with a data protection toolkit, which offers a robust and effective solution in reducing the risk of data breaches. With the ICO’s power to fine up to £500,000 for data breaches, it is worth getting in touch with us to discuss how your organisation can ensure legal data compliance. Contact us now at info@absolute-data.co.uk, or call us on 01423 790125.