The Information Commissioner’s Office has found North Lanarkshire Council in breach of the Data Protection Act following an investigation into a breach that occurred in October 2010. In a press release issued today, the office said:
North Lanarkshire Council breached the Data Protection Act after the theft of a home support worker’s bag containing papers which included sensitive personal information, the Information Commissioner’s Office (ICO) said today.
The council alerted the ICO to the data breach shortly after the theft in October 2010. The bag – which was not locked – contained the worker’s visiting schedule for the next two days. The schedule included information relating to the mental or physical health of six vulnerable adults who were being supported by the council’s Housing and Social Work Services department.
The ICO’s enquiries found that the guidance provided by the council to its home support workers on the storage and disposal of personal information outside of the office, was inadequate.
The Council has signed an undertaking to correct its deficiencies.