Here’s a case where as part of her deliberations, the ICO considered that a council should have known they were in contravention of the DPA because the ICO had issued three monetary penalty notices to other entities who had left confidential data behind in decommissioned buildings during the relevant time period.
From the Information Commissioner’s Office:
Hampshire County Council has been hit with a £100,000 fine by the Information Commissioner’s Office (ICO) after documents containing personal details of over 100 people were found in a disused building.
Social care files, along with 45 bags of confidential waste, were found at Town End House, in Havant. They contained highly sensitive information about adults and children in vulnerable circumstances.
The documents were discovered by the new owners of the building when it was purchased in August 2014.
Steve Eckersley, ICO head of enforcement, said:
“Hampshire County Council failed to ensure that highly sensitive personal data about adults and children in vulnerable circumstances was disposed of.
“The council knew the building had housed a department that dealt with confidential information and should have had a proper procedure in place to check no personal data was left in the building. Organisations must implement effective contingency plans to protect personal data when decommissioning buildings.
“The council’s failure to look after this information was irresponsible. It not only broke the law but put vulnerable people at risk.”
The ICO investigation found the council had failed to follow the law which says that organisations, be they businesses or public authorities, must have technical and organisational measures in place to guard against accidental loss or destruction of personal data.
The new owners bought Town End House after Hampshire County Council’s Adults and Children’s Services department left the building, meaning there was two years when agents selling the property and prospective buyers had access to it.
Mr Eckersley said:
“Thank goodness the company reported the find of personal details. If the information had ended up in the wrong hands it could have had distressing consequences.”