Three councils have been found in breach of the Data Protection Act after poorly trained staff lost personal information on vulnerable children.
The London Borough of Barnet, West Sussex County Council and Buckinghamshire Country Council were all found in breach of the act by the Information Commissioner’s Office (ICO).
In all cases "a systematic lack of staff training on how to handle personal information" was to blame, the ICO found.
Sally-Anne Poole, enforcement group manager at the ICO, said: "These three councils have shown a poor regard for the importance of protecting children’s personal information. It is essential that councils ensure the correct preventative safeguards are in place when storing and transferring personal information, especially when it concerns sensitive information relating to children."
In the case of Barnet, an unencrypted, non-password-protected USB stick and CDs with information on more than 9,000 families were stolen from the home of a council employee.
The employee, who had received no training relating to downloading personal information, had downloaded this data without any authorisation.
West Sussex County Council’s case also involved a burglary from an employee’s home, this time involving a laptop with unencrypted data relating to an unknown number of families involved in childcare proceedings. The employee had also not received any formal data protection training. The ICO investigation also found that 2,300 unencrypted laptops were still in use across the council.
In Buckinghamshire, documents with personal data relating to two children were lost at Heathrow Airport by a social worker.
All three councils have pledged to improve staff training and data protection procedures.
In all cases "a systematic lack of staff training on how to handle personal information" was to blame, the ICO found.
Sally-Anne Poole, enforcement group manager at the ICO, said: "These three councils have shown a poor regard for the importance of protecting children’s personal information. It is essential that councils ensure the correct preventative safeguards are in place when storing and transferring personal information, especially when it concerns sensitive information relating to children."
In the case of Barnet, an unencrypted, non-password-protected USB stick and CDs with information on more than 9,000 families were stolen from the home of a council employee.
The employee, who had received no training relating to downloading personal information, had downloaded this data without any authorisation.
West Sussex County Council’s case also involved a burglary from an employee’s home, this time involving a laptop with unencrypted data relating to an unknown number of families involved in childcare proceedings. The employee had also not received any formal data protection training. The ICO investigation also found that 2,300 unencrypted laptops were still in use across the council.
In Buckinghamshire, documents with personal data relating to two children were lost at Heathrow Airport by a social worker.
All three councils have pledged to improve staff training and data protection procedures.
