An investigation by the Information Commissioner’s Office (ICO) has ruled that a council in Berkshire breached the Data Protection Act after sensitive social services records relating to the care of a young child were lost.
The information had been requested by a family member who made a subject access request for their information to Wokingham Borough Council. The response included details of the requester and their child’s involvement with the council’s social services department, including allegations of neglect and abuse carried out by the requester’s ex-partner.
The information was lost after the delivery driver left the documents outside the requester’s home in August 2013. The driver had not been told about the sensitivity of the information included in the delivery and had not been informed that the delivery required a signature, or returning to the council if no one was available to sign for the package. The council had also failed to arrange a suitable delivery time with the requester.
The council signed an undertaking to correct deficiencies.
In other news, the ICO reported that Wirral Borough Council breached the Data Protection Act after social services records containing sensitive personal information were sent to the wrong addresses on two occasions.
The information was disclosed by Wirral Borough Council in February and April 2013. The records included sensitive personal details relating to two families living in the borough and in one case included details of a criminal offence committed by one of the family members.
An investigation by the Information Commissioner’s Office (ICO) found that the council had no mandatory data protection training in place for staff and did not have adequate checks in place to make sure records were being sent to the correct address. Three other disclosure incidents have also been reported to the ICO previously.
That council, too, has signed an undertaking to correct deficiencies.
SOURCE: Information Commissioner’s Office