Aberdeen City Council gets £100,000 penalty for IT security failings

News

Aberdeen City Council gets £100,000 penalty for IT security failings

Warwick Ashford

The Information Commissioner’s Office (ICO) has served Aberdeen City Council with a monetary penalty of £100,000 for inadvertently publishing vulnerable children’s details online.

The ICO said information included details relating to the care of vulnerable children by social services.

ICO logo.jpg

The information was released after a council employee accessed council documents, including meeting minutes and detailed reports, from a home computer.

A file transfer program on the machine automatically uploaded the documents to a website, publishing sensitive information about several vulnerable children and their families.

The files were uploaded between 8 and 14 November 2011. They remained online until 15 February 2012 when another member of staff spotted the documents after carrying out an online search linked to their ownname and job title.

The council was informed and the original documents were removed, before the incident was reported to the ICO. 

The ICO’s investigation found that the council had no relevant home working policy in place for staff and did not have sufficient measures to restrict the downloading of sensitive information from the council’s network.

Ken Macdonald, assistant commissioner for Scotland at the ICO, said that as more people take the opportunity to work from home, organisations must have adequate measures in place to make sure the personal information being accessed by home workers continues to be kept secure.

“In this case Aberdeen City Council failed to monitor how personal information was being used and had no guidance to help home workers look after the information,” he said.

The council also had no checks in place to see whether existing data protection guidance was being followed.

“The result was a serious data breach that left the sensitive information of a vulnerable young child freely available online for three months,” said Macdonald.

“We would urge all social work departments to sit up and take notice of this case by taking the time to check their home working setup is up to scratch,” he said.

The council is currently in the processes of agreeing an undertaking with the ICO, which commits the organisation to improving its compliance with the Data Protection Act. 

Read more on ICO penalties


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy