Wolverhampton City Council breached the Data Protection Act when staff put personal information in a skip, says...
the Information Commissioner's Office.
The Information Commissioner's Office (ICO) was alerted to the breach in October 2010 when a local newspaper reported that council documents containing personal details had been fly-tipped by thieves who stole the skip from outside a community leisure centre.
The ICO found that, although the council had a contract with a waste management company for the secure disposal of personal data, council employees had failed to recognise the confidential nature of the information when they disposed of it.
Simon Entwisle, director of operations at the ICO says the breach demonstrates how important it is that staff who handle personal data have a good understanding of the need to keep it safe at all times, especially when it is being disposed of.
"An organisation's responsibility to keep information secure does not end when it is taken out of the building," he said.
Entwisle says the council has taken the necessary steps to ensure this type of breach does not happen again.
Simon Warren, Chief Executive of Wolverhampton City Council, has signed an undertaking to ensure staff are made aware of the council's policies on data protection and confidential waste management, and are appropriately trained in how to follow them.
The council is obliged to ensure compliance with the policies is appropriately and regularly monitored.
Eight principles of the Data Protection Act
Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is: