Southwark Council discards personal data in skip

Southwark Council has escaped a fine after discarding personal data relating to more than 7,000 people in a skip for 18 months, according to the Information Commissioner’s Office (ICO).

Download this free guide

The importance of web security

Join us as we take a look at the different approaches you can take in order to bolster your web security. We find out how to identify and address overlooked web security vulnerabilities, how security controls affect web security assessment results and why web opportunities must be met with appropriate security controls.

Start Download

• Corporate E-mail Address:

  You forgot to provide an Email Address.

  This email address doesn’t appear to be valid.

  This email address is already registered. Please login.

  You have exceeded the maximum character limit.

  Please provide a Corporate E-mail Address.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

An Apple iMac computer and some papers containing 7,200 people’s personal information were found in a skip in June 2011 after being discarded in December 2009. Information included names and addresses, ethnic background, medical history and past criminal convictions.

The ICO said the council had information handling and decommissioning policies in place. By failing to follow the policies and encrypt data, the council had breached the Data Protection Act. However, the ICO is unable to issue a fine.  

“The fact that thousands of residents’ personal details went missing for almost two years clearly shows that Southwark Council’s policies for handling personal information are below standard. As this information was lost before the ICO received the power to issue financial penalties, we are unable to consider taking more formal action in this case,” said Sally Anne Poole, acting head of enforcement.

“Southwark Council has committed to putting changes in place and we look forward to completing an audit next year to help it identify further improvements,” she added.

The ICO said Central Essex Community Services has also signed an undertaking after losing a birth book containing personal information about 249 mothers and babies. The organisation failed to keep the book secure in a locked filing cabinet.

Image used courtesy of sindesign under Creative Commons Licensing via Flickr.