UK: Wolverhampton City Council breached Data Protection Act; Confidential records dumped in skip
From the ICO:
Wolverhampton City Council breached the Data Protection Act by allowing confidential personal information to be disposed of in a skip, the Information Commissioner’s Office (ICO) said today.
The ICO first became aware of the breach in October 2010 when a local newspaper reported that council documents containing names, dates of birth, bank details, employment records and medical information had been fly-tipped after being dumped in a skip located at a community leisure centre. The skip was stolen and the documents in it discarded.
The ICO’s enquiries into the circumstances of the breach revealed that although the council had a written contract in place with a waste management company for the secure disposal of personal data, council employees had failed to recognise the confidential nature of the information when they disposed of it.
Director of Operations, Simon Entwisle, said:
“This breach demonstrates how important it is that staff who handle personal data have a good understanding of the need to keep it safe at all times – especially when it is being disposed of. An organisation’s responsibility to keep information secure does not end when it is taken out of the building.
“The thought of people’s personal details being dumped on the street is worrying enough, not to mention what could have happened if it had fallen into the wrong hands. I am pleased that the council has taken the necessary steps to ensure that this type of breach does not happen again.”
Simon Warren, Chief Executive of Wolverhampton City Council, has signed an undertaking to ensure that staff are made aware of the council’s policies on data protection and confidential waste management, and are appropriately trained in how to follow them. The council will also ensure that compliance with the policies is appropriately and regularly monitored.
A full copy of the undertaking can be viewed here: