UK: Croydon and Norfolk County councils fined by ICO for data breaches
The Information Commissioner’s Office (ICO) has served monetary penalties totalling £180,000 to two councils for failing to keep highly sensitive information about the welfare of children secure.
Croydon Council has been handed a penalty of £100,000 after a bag containing papers relating to the care of a child sex abuse victim was stolen from a London pub. Norfolk County Council has been served with an £80,000 penalty for disclosing information about allegations against a parent and the welfare of their child to the wrong recipient.
The Croydon Council breach – which happened in April 2011 – occurred when an unlocked bag belonging to a social worker was stolen from a London pub. The worker was taking papers, including information about the sexual abuse of a child and six other people connected to a court hearing, home for use at a meeting the following day. The bag and its contents have never been recovered.
The Norfolk County Council breach – which also occurred in April 2011 – happened when a social worker inadvertently wrote the wrong address on a report and hand delivered it to the intended recipient’s next door neighbour. The report contained confidential and highly sensitive personal data about a child’s emotional and physical wellbeing, together with other personal information.