Council fined for serious breaches of sensitive data on children

By Janaki Mahadevan

| 07 June 2012

Telford & Wrekin Council has been issued with a £90,000 fine after revealing sensitive details about vulnerable children and foster carers to the wrong people.

Two children moved to new foster placements as a result of the breaches. Image: Phil Adams

The Information Commissioner’s Office ruled that the council had breached the Data Protection Act on two occasions by disclosing confidential and personal data relating to four vulnerable children.

On the first occasion, the council sent the results of a child’s core assessment, with details of their behaviour and a serious allegation by another child, to their sibling instead of their mother.

On the second, the names and addresses of the foster placements of two young children were shown to the children’s mother, resulting in the children having to move to another foster placement.

David Smith, deputy commissioner and director of data protection, said: “The decision to issue a penalty in this case reflects its seriousness – these were two very similar data breaches which occurred within a short space of time, and both involved highly confidential and sensitive personal data.

“Most importantly, some of the people affected were vulnerable children, two of whom had to be moved to a new foster home as a result of the second data breach. 

"It is the responsibility of all organisations, especially where children or other vulnerable people are involved, to keep sensitive personal data secure.”

An investigation carried out by the council following the first breach found that the records set up on the children’s information system, did not carry adequate information. There was also no process in place to check the documents before they were posted out.

The council’s investigation into the second breach, found that the default setting on the IT system was to include the foster carer’s details.

The council has now committed to provide safeguarding staff with further training and support on data protection and information security.  

A spokeswoman for Telford & Wrekin Council said: “Telford & Wrekin Council is an open and transparent organisation, which is why we immediately reported these breaches, which were limited in effect and were down to human error where people did not follow the council's agreed procedures that had been widely communicated to staff.

“The council is determined to work hard to minimise any data breaches but, where they do occur, will continue to be open with the information commissioner and local residents.

"That said, we do not underestimate the impact that this breach had on the people involved and have apologised to those whose data was accidentally disclosed.

"While we accept that the breaches occurred, we do not agree with the rationale behind the financial penalty that has been imposed and would point to other councils which do not collect such information and, therefore, avoid any punishment for breaches such as these.”

blog comments powered by Disqus