Croydon Council fined £100,000 for data loss

Croydon council has been fined £100,000 for the loss of  a bag containing papers about a child sex abuse victim.

Croydon council has been fined £100,000 for the loss of  a bag containing papers about a child sex abuse victim.

The penalty highlights the necessity for more councils to use electronically encrypted information rather than paper files. A spokesman from the Information Commissioner's Office (ICO) said it was good practice for councils to transport sensitive information using encrypted devices as it results in the data being rendered useless if lost.

The news follows Norfolk County Council having also been served with an £80,000 penalty for disclosing information about allegations against a parent and the welfare of their child to the wrong recipient.

The ICO has now imposed over £1m in monetary penalties to organisations in breach of the DPA since November 2010.

Stephen Eckersley, head of enforcement at the ICO said: “While both councils acted swiftly to inform the people involved and have since taken remedial action, this does not excuse the fact that vulnerable children and their families should never have been put in this situation.”

The Croydon Council breach occurred in April 2011 when an unlocked bag belonging to a social worker was stolen from a London pub. The worker was taking papers, including information about the sexual abuse of a child and six other people connected to a court hearing, home for use at a meeting the following day. The bag and its contents have never been recovered.

The Norfolk County Council breach occurred the same month when a social worker inadvertently wrote the wrong address on a report and hand delivered it to the intended recipient’s next door neighbour. The report contained confidential and highly sensitive personal data about a child’s emotional and physical wellbeing, together with other personal information.

Both councils have taken remedial action as a result of the breaches and will now ensure that effective data protection measures are put in place.

Read more on IT for government and public sector