An undertaking has been signed by Luton Borough Council following two incidents involving inappropriate handling of sensitive personal data. These incidents occurred after the council failed to implement recommendations made by the ICO for mandatory employee training following earlier incidents.
The two more recent incidents involved sensitive personal data that was incorrectly handled by social work staff. One incident took place in December 2012 and the other in January 2013.
In one incident, an email containing personal data about one family, together with advice to one individual, was sent unprotected across an internet connection and also misdirected to an agency dealing with a different family. In the other case, a social worker was advised to leave the office and return home due to severe weather and took with them the paperwork they’d worked on that day. Some of it, containing personal data about a vulnerable young person, was lost as the result of an accident on the journey home.
View a PDF of Luton Borough Council’s undertaking, which outlines the training requirements for employees and the requirement for refreshing training not less than once every two years. The council should probably consider itself fortunate that it didn’t incur a monetary penalty as they had already been advised of shortcomings and the need for training but didn’t follow through.