An undertaking to comply with the seventh data protection principle has been signed (pdf) by Dudley Metropolitan Borough Council. This follows an investigation into a social worker leaving a case file containing sensitive personal data at a client’s home.
According to the undertaking, the Information Commissioner’s Office was informed of the breach in March 2013. After the case worker left the file containing child welfare concerns at the client’s home, the file was reportedly read by a child staying there, who informed other family members of its contents. The contents included the source of the reported child welfare concerns, a family member whose identity should have remained confidential.
On investigation, the ICO determined that there was no documentation that the social worker had not completed mandatory information governance training.