Somerset County Council have been reprimanded by the ICO after an employee broke data laws by sending sensitive personal information concerning a teenager’s medical and behavioural history to the wrong family. .The incident is thought to have occurred as a result of the council employee working on two similar cases at the same time.
In addition, the council failed to act in the correct manner when the error was revealed. The recipient of the information was initially told to throw it away, then later advised that a council employee would collect it
Sally-Anne Poole, the ICO's acting head of enforcement, pointed out that despite the information being returned, "the damage had already been done". She also claimed it was very likely the incident would cause "considerable embarrassment to those affected”. “The information collected by social services departments is often extremely sensitive,” she said. “Local authorities should make sure they have adequate measures in place to keep this information secure, especially where there is the potential for human error.”
The chief executive of Somerset County Council, Sheila Wheeler, has signed an undertaking from the ICO indicating that staff will receive additional training on data policies and procedures.
"staff will receive additional training on data policies and procedures"
Wrist-slap
Better than nothing I suppose
Posted by: Purlieu | 16/05/2011 at 05:36 PM
Considering that the council employee was overworked, under extreme pressure, probably bullied by crap managers, and stressed out having to handle a huge workload it's not surprising that they made a mistake in putting the wrong report into the envelope.
Training would not solve such problems.
In the grand scheme of things this is minor as the only non-authorised people who saw the report were the other family being handled by the social worker. It's not like losing the details of millions of people.
A better photo would by of an envelope considering that no tech was involved in the case.
Posted by: SadButMadLad | 16/05/2011 at 06:24 PM
Training would not solve such problems. realy?
Posted by: ray ban | 17/05/2011 at 09:25 AM
One of the greatest concerns about this type of error is the attitude of the person/s or organisation involved. All too often the attitude is one of 'okay I've said sorry, it is JUST a mistake'. Problem then is that instead of the impact of the error being understood and steps genuinely taken to prevent it happening again it is too often dealt with in a sulky, stamp your foot, way which does not resolve the issue. Making a CEO sign an undertaking to prevent such breaches again - will this make any difference? I very much doubt it. Although training is unlikely to guarantee no errors it is certainly needed as it seems that there are more people working with confidential data without understanding what their obligations and responsibilities are, than there are people who do understand. So in depth training would not be a bad place to start.
Posted by: privatedata | 17/05/2011 at 03:01 PM
"A better photo would by of an envelope considering that no tech was involved in the case"
The data protection act covers all data regardless of medium.
Posted by: Purlieu | 17/05/2011 at 05:15 PM
Problem then is that instead of the impact of the error being understood and steps genuinely taken to prevent it happening again it is too often dealt with in a sulky, stamp your foot, way which does not resolve the issue. Making a CEO sign an undertaking to prevent such breaches again - will this make any difference?,
Posted by: pandora | 07/06/2011 at 06:14 AM