Home > All, Politics, Security Issues > Another Council loses more children’s data

Another Council loses more children’s data

December 14, 2011 Leave a comment Go to comments

We take our responsibilities under the Data Protection Act very seriously having in place robust procedures to meet our obligations.

Sound familiar? It’s the standard response from an organization that has just failed in its responsibilities under the Data Protection Act – and we’re hearing it all too often, and all too often from a local authority. This is Bolton Council, who left children’s files in a car that was broken into.

A report in This Is Lancashire states that

…it is also believed the files should not have been removed from the office by the worker, who has now left the council.
Probe after children’s files stolen from car

First comment: if files were wrongfully removed from the office, then the ‘robust procedures’ clearly ain’t robust.

Second comment: the worker could have been a contractor who has left at the end of the contract. More likely, I suspect, it was a full-time employee. In which case, that he or she has left the council means one of two things: either it is an admission of guilt followed by an accepted resignation; or it is obvious guilt followed by dismissal. Resignation should not be accepted: loud and painful dismissal would reinforce the message that such behaviour is unacceptable.

But this bit makes me weep. The council also stated:

At the same time we also voluntarily chose to alert the ICO of the situation and will take their recommendations on board, should there be any.

The tone is hardly contrite. Bolton seems to be seeking kudos for reporting a disaster, will listen to a telling-off from the headmaster, but doesn’t seem to think there should be one. This has to change. The ICO must find some way to seriously hurt the people responsible, council management, without hurting the public taxpayer.

Categories: All, Politics, Security Issues
  1. December 14, 2011 at 11:38 am

    There is no way to do what you ask for at the end of your post. The ICO can fine the Council if they have failed to implement the DPA properly. He can issue an enforcement notice ordering the Council to take steps. But the only action that the DPA allows him to take against individuals is to prosecute Directors if they deliberately or negligently commit a criminal breach of the Act. This loss is very unlikely to be a criminal breach (only a breach of the aforementioned notice would be in this context). I am sure that Bolton Council will diligently implement anything the Commissioner tells them to do.

    And of course, human error or malice is very hard to prevent in even the best run organisations.


  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s