The City of York Council has fallen foul of the Data Protection Act after having accidentally disclosed personal data following a printer mix-up, the Information Commissioner's Office (ICO) has said.
The personal information was sent out with other documentation to the wrong person after being mistakenly collected from a shared printer and mailed without being checked.
Sally-anne Poole, acting head of enforcement at the ICO, said: "This case highlights the need for employees to take responsibility and ownership of tasks that involve handling personal data. If the documents had not been left unattended by the printer and had been carefully checked before they were sent out then this situation could easily have been avoided."
The City of York Council has introduced new security measures governing the use of its printers, with staff now required to carry out appropriate quality control checks to avoid information being incorrectly disclosed.
Kersten England, CEO of the City of York Council, has signed an undertaking to ensure that new procedures are put in place to prevent documentation containing any form of personal data from being printed where there is no business need to do so.
The council will also bring in new quality control checks on all the information it handles prior to distribution, as well as extending its clear desk policy to include printer trays, post trays and other pending work trays. The council has agreed that all of the measures outlined in the undertaking will be in place within the next four months.
- Royal Cornwall Hospitals NHS Trust breaches Data Protection Act
- Play.com: security breach leads to rise in spam
- London council makes world's first citizen data transfer
- Wolverhampton City Council breaches DPA with document skip dump