The Government data loss thread

Admin

Administrator
Pile of patients' NHS documents found dumped in public recycling bin at Cannon Park

Pile of patients' NHS documents found dumped in public recycling bin at Cannon Park

Scores of documents containing private patient information have been found dumped in a public recycling bin in Coventry.
Mark Taylor, Coventry leader of UKIP, lives in the area and came across the documents on Sunday evening.

He said: To my surprise, as I was disposing of my papers for recycle, I could see many NHS patient forms.

“They hold names, date of birth and patient signatures.

“More detailed patient dental records appeared to be located deeper in the skip.
How relevant UKIP membership is to the matter is lost on me.
 

Admin

Administrator
CPS could be fined £500k over stolen sex abuse victims' police interviews

If you can't trust the CPS...

Crown Prosecution Service could be fined £500k over stolen sex abuse victims' police interviews

The Crown Prosecution Service could be fined up to £500,000 after footage of sensitive police video interviews of sexual abuse victims were stolen from a flat in Rusholme.

Data Protection watchdog the Information Commissioner’s Office (ICO) has now launched a probe into the blunder after computers holding dozens of taped interviews were taken from a flat used by video-editing firm Swan Films.
It is understood the firm will not face action from the ICO as it was not liable for the security of the footage as a contractor.

Nazir Afzal, head of the north west CPS, has said he is ‘very concerned’ about the incident and has ordered an urgent investigation into the security arrangements at Swan Films and the contractual terms in place.

He said: “I appreciate this incident will have caused anxiety to the victims concerned.”
More lessons will be learned, no doubt, and the taxpayer will be footing the bill for any fine.
 

Diane

HEdups
I thought that a contractor WAS responsible in law, if they were in charge of the data so that sounds like a cop-out (forgive the unintentional pun!).

Or am I misinterpreting the legal position?
 

Admin

Administrator
Big Brother Watch: A Breach of Trust: How Local Councils Commit Four Data Breaches Every Day

Our latest report, A Breach of Trust, reveals the scale of data breaches by local councils, including personal information being lost, stolen or used inappropriately. The report also highlights data breaches involving the details of hundreds of children.

Key Findings

Results are for the years 2011 to 2014 unless otherwise stated. All data has been obtained under the Freedom of Information Act.

In a three year period 4,236 data breaches occurred in local councils, including at least:

  • 401 instances of data loss or theft
  • 628 instances of incorrect or inappropriate data being shared on emails, letters and faxes
  • 5,293 letters being sent to the wrong address or containing personal information not intended for the recipient [NB: In many cases, breaches involving a number of people are treated as a single breach by local councils.]
  • 197 mobile phones, computers, tablets and USBs were either lost or stolen.

On 658 occasions, children’s information was involved in the breaches.

  • 1 in 10 data breaches resulted in disciplinary action
  • 39 resignations
  • 50 dismissals
  • 1 court case – Southampton Council employee prosecuted by the ICO for transferring “highly sensitive data to his personal email account”
Glasgow City Council: 75% of the 197 reported instances of loss or theft of equipment highlighted in Breach of Trust took place at Glasgow City Council.
 

Admin

Administrator
Were YOUR details in confidential social work notebook found in the street?

All together now...."Lessons will be learned".

Were YOUR details in confidential social work notebook found in the street?

A SOCIAL worker left a bag containing confidential client information lying in the street.

A concerned passer-by saw the black bicycle saddle bag sitting on a wall and, realising it had been forgotten, picked it up.

The woman was appalled to find a laptop and a notebook with names and personal details of people in her community.

The woman, who asked not to be named, said: "Social work hold other people to extremely high standards and so they should be leading the way, setting an example.

"It's a disgrace that this was left lying around.

"The information in the notebook is really personal - I would hate to think that my information would be left to be found like that.
But then the mum, after taking advice from a colleague, began to worry she would be charged with the crime of "theft by finding" and so brought the bag to the Evening Times.

The notebook, which has been securely returned by the Evening Times to social work services, contains intensely personal details about child clients and their families.

This includes full names, dates, medical issues and even criminal histories of children and families in the north of the city.
The notes, by a Drumchapel Social Work office staff member who the Evening Times has chosen not to name, paint a glum portrait of the lives of children in the city.

One child detailed in the notebook is reported to have scabies and a parent with alcohol issues.

Another self harms while one teenager has racked up a slew of 20 car crime charges and is at risk of being accommodated in a secure unit.

Yet another is a victim of sexual exploitation.

Parents are listed as having drug debts while one mother sold her television on Christmas Day to try to offset debts.

There are notes on domestic abuse, parental crime and of a premature baby with serious heart defect.

One short but devastating note reads: “Likes Star Wars. Has no friends at school.”
A Glasgow City Council spokesman, on behalf of the social work department, said: "This incident will be investigated.

"Information security is an absolute priority for the council.”
Obviously.
 

Admin

Administrator
Council ordered to take action over data protection failings

Council ordered to take action over data protection failings

The Information Commissioner's Office (ICO) has now issued an enforcement notice to West Dunbartonshire Council over repeated failings that eventually led to a child's medical reports being stolen.
In July 2014, the council reported a data breach to the ICO after an employee had a bag containing confidential information stolen.

The worker had taken details of an adoption case out of the office to work on from home but a laptop and paperwork left in their car overnight were stolen, the ICO said.

An investigation found the employee had not been given training on the Data Protection Act and the council still had no guidance to staff on handling personal information when working from home.

The council only avoided a fine as the breach did not cause substantial damage or distress, the ICO said.
Ken Macdonald, assistant information commissioner for Scotland, said: "Time and time again we have told this council to make these changes and yet they have still not completed everything we set out. We've been left with no choice but to issue this formal notice requiring them to act.

"Let's be clear, what we're asking for here is a basic requirement for an organisation that is trusted with large amounts of local people's personal data.

"When people in Dunbartonshire provide the council with their details, they expect staff are trained to handle this information properly.

"Unfortunately, more than three years after this was made clear to the council, this still hasn't happened."
"Properly" means sharing children and families' data with everyone and his dog, according to the ICO policy officer. Shame no such enforcement action is ever taken against data thieving named persons in schools, councils and health boards.

A council spokesman said: "West Dunbartonshire Council would like to apologise for this error. We take data protection seriously and referred ourselves to the Information Commissioner as soon as this breach took place.

"We are disappointed at the language used by Mr Macdonald, particularly as this comes during the period open to appeal - something the council is currently considering."
All these lessons being learned, yet no time for training. Then again the 'data protection' training just confirms that everything can be shared on a whim. Maureen said so! :boom:
 
Council criticised for data protection failings
http://www.familylawweek.co.uk/site.aspx?i=ed160709


A Scottish council has been criticised by the Information Commissioner for repeatedly failing to train staff around data protection.

. . . Ken Macdonald, Assistant Information Commissioner for Scotland, said:
"Time and time again we have told this council to make these changes, and yet they have still not completed everything we set out. We've been left with no choice but to issue this formal notice requiring them to act.

"Let's be clear, what we're asking for here is a basic requirement for an organisation that is trusted with large amounts of local people's personal data. When people in Dunbartonshire provide the council with their details, they expect staff are trained to handle this information properly. Unfortunately, more than three years after this was made clear to the council, this still hasn't happened."



Best not to lumber them with too much data then!
 
Top