Have a question?
033 3772 0409

Legal News

A council has been fined by the ICO for breaching the Data Protection Act involving the details of vulnerable children (12 June 2012)

Date: 12/06/2012
Duncan Lewis, Legal News Solicitors, A council has been fined by the ICO for breaching the Data Protection Act involving the details of vulnerable children

The Information Commissioner’s Office (ICO), has imposed a penalty of £90,000 on Telford and Wrekin Council following its breach of the Data Protection Act (DPA) where the council had disclosed confidential and sensitive personal data relating to four vulnerable children.
Two similar data breaches were reported within the span of two months of each other the first taking place on 31 March 2011, when a member of the staff working in Safeguarding Services sent the Social Care Core Assessment of one child to the child’s sibling instead of their mother. The assessment contained sensitive details of the child’s behaviour including name and address, date of birth, and ethnicity of a further young child who had made a serious allegation against one of the other children.
The second breach concerned the inclusion of the names and addresses of the foster care placements of two young children in their Placement Information Record (PIR). The PIR was printed out and shown to the children's mother, who noticed the foster carers' address. The Council then decided to move the children to alternative foster care placements to minimize the effect on the data subjects concerned.
An investigation carried out by the Council following the first breach found that the relationship records set up on the children's information system, Protocol, for the children involved in the first incident, were not filled with adequate information. The Protocol system was so set up that the details of individuals were printed automatically on the assessment, although there was a provision for the user to tick a box to avoid printing the details. There was also no process in place to check the documents before they were posted out.
After the second breach and subsequent investigation, it was found that the default setting on the Protocol system was to include the foster carer's details in the PIR, and there was no process in place to check the PIR after it was printed.
The ICO's Deputy Commissioner and Director of Data Protection David Smith said it was a serious issue and involved highly sensitive data to be passed out.
He added that it affected the most vulnerable children with two of the kids having to be removed to new foster homes.
He said that such data were sensitive enough to be safely guarded by those responsible for its safe up keep.
The Council has now committed to taking action including providing Safeguarding Services staff with further training and support on data protection and information security as well as on using the Protocol system. They are also introducing formal guidance on checking documents printed off the Protocol system, and making changes to its configuration.

Call us now on 033 3772 0409 or click here to send online enquiry.
Duncan Lewis is the trading name of Duncan Lewis (Solicitors) Limited. Registered Office is Spencer House, 29 Grove Hill Road, Harrow, HA1 3BN. Company Reg. No. 3718422. VAT Reg. No. 718729013. A list of the company's Directors is displayed at the registered offices address. Authorised and Regulated by the Solicitors Regulation Authority . Offices all across London and in major cities in the UK. ©Duncan Lewis >>Legal Disclaimer, Copyright & Privacy Policy. Duncan Lewis do not accept service by email.