The Information Commissioner’s Office (ICO) has found Lancashire County Council in breach of the Data Protection Act after social work records containing sensitive personal data relating to several individuals were found in a filing cabinet purchased second-hand by a member of the public.
The records were duplicates of documents held in the council’s offices and had apparently been used by a social worker during active casework duties. The files contained an extensive amount of personal data including information about the ethnicity, religious beliefs and physical or mental health conditions of individuals. In one instance, the data provided an almost complete picture of the individual’s life.
Chief Executive of Lancashire County Council, Ged Fitzgerald, has now signed an Undertaking promising to implement a formal written procedure for the removal or disposal of any office furniture or equipment. The Undertaking also requires staff to be made aware of the council’s policies for the storage, use and disposal of personal information and for the appropriate training to be provided.
Sally-anne Poole, Head of Enforcement at the ICO, said: “This incident highlights the importance of having the necessary safeguards in place to ensure personal information is disposed of securely. Organisations need to have the appropriate policies in place and staff need to be aware of these policies to ensure personal information is stored securely. I am pleased that Lancashire County Council is taking action to prevent a similar situation occurring in the future.”
The Undertaking can be viewed here http://www.ico.gov.uk/upload/documents/library/data_protection/notices/lancs_cc_undertaking.pdf
Source: Information Commissioner’s Office