Every day some employee has done something they should not have done posted to the wrong place, not used the correct system, etc. which means the common cause is human…
The latest involves Cheshire East Council, who in May 2011 breaches the Data Protection Act when a council employee contacted the local voluntary sector co-ordinator to alert voluntary workers that the Police had concerns about an individual who was working in the area.
Instead of sending an email via the council’s secure system, the employee sent an email to the local voluntary sector co-ordinator via her personal email account. This simple error cost the council £80,000.
Stephen Eckersley, Head of Enforcement, said about the Cheshire East breach:
“While we appreciate that it is vitally important for genuine concerns about individuals working in the voluntary sector to be circulated to relevant parties, a robust system must be put in place to ensure that information is appropriately managed and carefully disclosed. Cheshire East Council also failed to provide this particular employee with adequate data protection training. The highly sensitive nature of the information and the need to restrict its circulation should have been made clear to all recipients.
“I hope this case – along with the fact that we’ve handed out over one million pounds worth of penalties since our powers came into force – acts as a strong incentive for other councils to ensure that they have sufficient measures in place around protecting personal data.”
Two other recent incidents involving the Information Commissioner:
- Another bad day for councils but this time there were costs attached – £180,000!
- Bad day at the office for UK Councils as several breach the Data Protection Act