Another Council loses more children’s data
We take our responsibilities under the Data Protection Act very seriously having in place robust procedures to meet our obligations.
Sound familiar? It’s the standard response from an organization that has just failed in its responsibilities under the Data Protection Act – and we’re hearing it all too often, and all too often from a local authority. This is Bolton Council, who left children’s files in a car that was broken into.
A report in This Is Lancashire states that
…it is also believed the files should not have been removed from the office by the worker, who has now left the council.
Probe after children’s files stolen from car
First comment: if files were wrongfully removed from the office, then the ‘robust procedures’ clearly ain’t robust.
Second comment: the worker could have been a contractor who has left at the end of the contract. More likely, I suspect, it was a full-time employee. In which case, that he or she has left the council means one of two things: either it is an admission of guilt followed by an accepted resignation; or it is obvious guilt followed by dismissal. Resignation should not be accepted: loud and painful dismissal would reinforce the message that such behaviour is unacceptable.
But this bit makes me weep. The council also stated:
At the same time we also voluntarily chose to alert the ICO of the situation and will take their recommendations on board, should there be any.
The tone is hardly contrite. Bolton seems to be seeking kudos for reporting a disaster, will listen to a telling-off from the headmaster, but doesn’t seem to think there should be one. This has to change. The ICO must find some way to seriously hurt the people responsible, council management, without hurting the public taxpayer.