Council fined £100k after publishing sensitive details about children online

Information Commissioner's Office warns social work departments to check their home working set up after council worker releases sensitive documents online

A local authority in Scotland has been fined £100,000 by the Information Commissioner’s Office after an employee inadvertantly published confidential documents containing sensitive details about vulnerable children.

Aberdeen City Council was found to have seriously breached data protection when a council employee accessed meeting minutes and detailed reports from her home computer in early November 2011.

The private information was released online when a file transfer program installed on the computer automatically uploaded the documents to a website. They included details about children and their families, and of alleged criminal offences.

The files were in the public domain until February 2012 when a colleague spotted them after carrying out an online search linked to their own name and job title. The authority removed the original documents and reported the data breach.

Warning for social work departments

A subsequent investigation by the Information Commissioner’s Office (ICO) found the council had no relevant home working policy for staff and no sufficient measures to restrict the downloading of sensitive information from the council’s network.

Ken Macdonald, assistant commissioner for Scotland at the ICO, warned all social work departments to take the time to check their home working setup is safe and satisfactory. “As more people work from home, organisations must have adequate measures to make sure the personal information being accessed by home workers continues to be kept secure,” he said. 

“In this case Aberdeen City Council failed to monitor how personal information was being used and had no guidance to help home workers look after the information.

“On a wider level, the council also had no checks in place to see whether the councils existing data protection guidance was being followed. The result was a serious data breach that left the sensitive information of a vulnerable young child freely available online for three months,” Macdonald said.

The authority is now agreeing an undertaking with the ICO, which commits the organisation to improving its data compliance.

Related articles

Council fined £70k for sending adopters’ address to birth parents

More from Community Care

Comments are closed.