Rap for Lancashire council after data breach

12:43pm Wednesday 20th January 2010 in Pendle Photograph of the Author By David Watkinson, Deputy news editor

DISCOVERY: The files and the cabinet they were found in DISCOVERY: The files and the cabinet they were found in

LANCASHIRE County Council has been rapped by the information commissioner after confidential documents were left in furniture sold in a second hand shop.

The Lancashire Telegraph revealed the blunder last year when the customer who bought the county council filing cabinet from a Blackburn second-hand shop came forward.

Now the Information Commissioner's Office has found Lancashire County Council in breach of the Data Protection Act following an investigation.

The council's chief executive Ged Fitzgerald has now signed an 'undertaking' which promises to implement a formal written procedure for the removal or disposal of any office furniture or equipment.

It also requires staff to be made aware of the council's policies for the storage, use and disposal of personal information and for the appropriate training to be provided.

The social service documents contained confidential details of East Lancashire residents including information about the ethnicity, religious beliefs and physical or mental health conditions of individuals.

In one instance, the data provided an almost complete picture of the individual's life.

The records were duplicates of documents held in the council's offices and had apparently been used by a social worker during active casework duties.

But no-one had apparently checked the filing cabinet before the item was put up for auction.

Sally-Anne Poole, head of enforcement at the ICO, said: "This incident highlights the importance of having the necessary safeguards in place to ensure personal information is disposed of securely.

"Organisations need to have the appropriate policies in place and staff need to be aware of these policies to ensure personal information is stored securely.

Related links

"I am pleased that Lancashire County Council is taking action to prevent a similar situation occurring in the future."

Roger Hulme, the county council's business services director Roger Hulme, issued another apology over the blunder.

He said: "We fully understand the concern and anxiety that incidents of this nature can cause and have apologised to the people affected by this breach."

Comments(4)

chrislancs says...
1:11pm Wed 20 Jan 10

What is the fuss about, if you give the DVLA a registration number and the £2.50 fee they will give you the name and address of the car owner you can check how many points they have on their licence.or even if they have a valid licence, just tell them they have committed a parking offence.
That is how protected your personal information is. as long as the government can make money from it, then your info is for sale.
Hypocrisy of the highest order. time to clear them out and start protecting people in this country, if you want to be heard then the English Democrats are the party to put a stop to this betrayal. some things should never be sold.

Report this post »

janice33rpm says...
2:59pm Wed 20 Jan 10

Anyone else here reading “I.T. WARS”? I had to read parts of this book as part of my employee orientation at a new job. The book talks about a whole new culture as being necessary – an eCulture – for a true understanding of security, being that most identity/data breaches are due to simple human errors – as well as system failures. It has great chapters on security, as well as risk, content management, project management, acceptable use, policies, and so on. Just Google “IT WARS” – check out a couple links down and read the interview with the author David Scott. (Full title is “I.T. WARS: Managing the Business-Technology Weave in the New Millennium”).

Report this post »

Davidoff says...
4:49pm Wed 20 Jan 10

Does anyone still seriously think that having a Data Protection Act in this country is nothing more than a complete joke these days in light of all these 'lossess'. If people still wish to think your data is safe in the hands of, say, the government and it's bulldozing tactics to get ID cards forced onto every citizen - oh, and we PAY for it as well to carry a piece of plastic to prove who WE are cos it's not gonna be free! - must be incredibly naive. You may as well give a 2 year old acccess to your data filing system these days because that's about as secure as it seems to be reading all these shambolic lacks in filing and data protection. The truth is no one has any real protection from anyone else in this country so forget about Data Protection laws. Because if we did, we wouldn't be reading of the utterly appalling laxes in government organisations nearly every other day. Data laxes are and always will be human error. A human is required to handle the data before entry. I think some out there think it gets there by magic. Because it's certainly not an area that is taken as seriously as it should be.

Report this post »

twicki says...
1:34pm Thu 21 Jan 10

How do they believe being told to write procedures that should of already been in place a sever rapping. Why wasn't someone sacked or disciplined for the error. If it was the private sector you would be on a written warnig or sacked, how the public sector have it sussed.

Report this post »

click2find

About cookies

We want you to enjoy your visit to our website. That's why we use cookies to enhance your experience. By staying on our website you agree to our use of cookies. Find out more about the cookies we use.

I agree