DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

UK: West Dunbartonshire Council warned of court action by ICO over data protection failures

Posted on April 28, 2016 by Dissent

A Scottish council has been rapped by the regulator for repeatedly failing to train staff around data protection.

West Dunbartonshire Council were told to implement training on several occasions, as well as being advised to put in place a policy around home working. But their failure to do so ultimately contributed to a data breach that led to a child’s medical reports being stolen.

The Information Commissioner’s Office carried out an audit of the council in January 2013. The audit gave a reasonable assurance of the council’s compliance with the law, but made recommendations for areas that needed improvement, including training for all staff and adopting a home working procedure. A follow-up audit in November 2013 showed progress, but showed some of the recommendations still had not been implemented.

In July 2014, the council reported a data breach to the ICO, after an employee had a bag containing confidential information stolen. The employee had taken details of an adoption case out of the office to work on from home, but a laptop and paperwork left in their car overnight were stolen.

An ICO investigation found the employee had not been given training on the Data Protection Act, and the council still had no guidance to staff on handling personal information when working from home. The council avoided a fine as the breach did not cause substantial damage or distress.

The council has now been issued with an enforcement notice obliging it to implement training and guidance, or face court action.

Ken Macdonald, Assistant Information Commissioner for Scotland, said:

“Time and time again we have told this council to make these changes, and yet they have still not completed everything we set out. We’ve been left with no choice but to issue this formal notice requiring them to act.

“Let’s be clear, what we’re asking for here is a basic requirement for an organisation that is trusted with large amounts of local people’s personal data. When people in Dunbartonshire provide the council with their details, they expect staff are trained to handle this information properly. Unfortunately, more than three years after this was made clear to the council, this still hasn’t happened.”

The ICO is the regulatory body in Scotland for data protection issues and Ken Macdonald leads its offices in Scotland and Northern Ireland. Scotland also has its own Information Commissioner to regulate the Freedom of Information (Scotland) Act that covers Scottish public authorities.

SOURCE: ICO

Related posts:

  • UK: ICO finds three councils in breach of Data Protection Act
  • Data breaches put domestic abuse victims’ lives at risk, UK Information Commissioner warns
  • UK: ICO levies two monetary fines to councils for e-mail gaffes that exposed sensitive information
  • UK: Welcome Financial Services Limited Fined £150,000 After Backup Tapes With Customer Contact Info Lost
Category: Government SectorHealth DataNon-U.S.Theft

Post navigation

← U.S. Steel Accuses China of Hacking
Whistle-blowing hacker to become founding member of new political party in Latvia →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.