£70k fine after Norwood worker leaves records outside
The Information Commissioner’s Office has fined Norwood £70,000 after one of its social workers left documents which included details of any history and abuse of four young children outside a London home late last year.
The fine, announced today, is the first time the ICO has issued a fine to a charity.
The ICO said that it was “truly staggering” that the social worker who, failing to deliver documents about four young children in care to prospective adoptive parents, left the sensitive documents outside the latter’s home, had not received any training about how to look after such sensitive data.
Stephen Eckersley, ICO’s head of enforcement, said: “This breach was entirely avoidable.”
The records pertained to four children under six years of age, and may now, according to the ICO, be in the possession of anyone.
The ICO has today said that it was not in the habit of issuing monetary fines to the charity sector, but in this case a financial penalty was called for.
“We have warned the charity sector that it must have thorough policies and procedures in place to keep the often sensitive information they handle secure,” Eckersley said. “We do not want to be issuing monetary penalties to charities, but in this case the seriousness of the breach left us with little choice.”
A Norwood spokesman said: "Norwood found itself, within its adoption service, to be in an isolated breach of the Data Protection Act and reported itself to the Information Commissioners Office when it was discovered.
"Norwood took immediate steps to tighten its procedures in line with the Act to ensure that an incident of this kind will not be repeated.”
Norwood has taken steps to ensure that personal information is kept safe, a move the ICO commended. However the regulator warned charities for the second time in three months that they must ensure data of this nature is properly secured.
ICO's Eckersley said: “We hope that this breach acts as a warning to all charities that they must fulfil their legal requirements under the Data Protection Act."
This article was taken from www.civilsociety.co.uk – http://www.civilsociety.co.uk/finance/news/content/13550/