Another undertaking in the U.K. quietly posted to the ICO’s web site without fanfare, relates to the loss of documents by a barrister, Raisa Saley. The facts of the case, as summarized in the undertaking:
The Information Commissioner (the ‘Commissioner’) was informed by the data controller that she had lost a bundle of court papers while commuting by train on 17 March 2011. The bundle contained a quantity of sensitive personal data relating to several individuals involved in a care proceedings case. The sensitive personal data included details of ethnicity, family history, previous convictions and medical history.
The data controller took the bundle of court papers home in preparation for a court hearing the following week. The bundle was packed in a suitcase, which was left unlocked. The data controller forgot to take the suitcase with her upon leaving the train.
At the end of its scheduled journey that evening, the train on which the data controller travelled was decommissioned for repairs. It was stored at Bletchely depot where the suitcase was found by cleaners. The suitcase was held as lost property at the depot and returned to Bletchley station on 23 March 2011. The data controller was alerted to the recovery of her suitcase on 25 March 2011. During the intervening period, the data controller made daily trips to Euston station’s lost property department, in an effort to locate her suitcase, but without success. On recovering the suitcase, the data controller was able to confirm that the contents appeared to be intact and undisturbed.
Not exactly a prime time thriller, and I wonder if the ICO has the resources to really get every party that has ever lost documents like this to sign an undertaking, or if he is just trying to make a point here.