Yesterday the Information Commissioner announced that he had fined Midlothian Council £140,000 for disclosing sensitive personal information to the wrong recipient on 5 separate occasions. All 5 breaches involved children’s social service reports and occurred between January and June 2011.
Ken MacDonald, Assistant Commissioner for Scotland, commented:
“The serious upset that these breaches would have caused to the children’s families is obvious and it is extremely concerning that this happened five times in as many months. I hope this penalty acts as a reminder to all organisations across Scotland and the rest of the UK to ensure that the personal information they handle is kept secure.”
The ICO’s investigation found that all five breaches could have been avoided if the council had put adequate data protection policies, training and checks in place.
The ICO has ordered the council to review and update its data protection policy and ensure council staff and those who work with the council are adequately trained in their DPA responsibilities.
The ICO is gaining support for its request to conduct audits of local councils and NHS bodies without request. Numerous public sector bodies have been caught in breach of the DPA over the last two years; however, the actual number that are not meeting data protection compliance levels is thought to be much, much higher.
The cost-effective way to tackle this issue is to ensure you are DPA compliant now. DPA training and compliance is not expensive, especially compared to the potentially huge fines that can be levied on an organisation that is found to have breached the DPA.
DPA Foundation Training – Essential for those responsible for personal and sensitive data within an organisation.
DPA Staff eLearning – A cost-effective way of delivering essential training to staff.
DPA Toolkit – Essential time-saving documentation toolkit to help you create the documents you need to ensure DPA compliance.