Fostering and adoption agencies are routinely putting sensitive personal information about those they work with at risk, according to an Information Commissioner’s Office report.
The ICO examined the data protection work of 10 fostering and adoption agencies in England and some several common problems in how they shared sensitive information with other agencies and internally.
It found that while most had adequate systems for restricting inappropriate staff access to sensitive records, information about looked-after children, foster carers and adopters was routinely being emailed to local authorities without encryption.
The ICO said the problem is partially due to local authority IT security systems that block encrypted messages and the difficulty of getting council IT teams to unblock these messages.
Most agencies also failed to use encryption on mobile devices, such as laptops and USB sticks, that they store personal data on. Some agencies also allowed staff to carry out work involving personal data on their home computers rather than via a more secure method.
John-Pierre Lamb, group manager in the ICO’s good practice team, warned that fostering and adoption agencies could face fines of up to £500,000 if they breached Data Protection Act.
“The work fostering and adoption agencies carry out is vital to helping some of the most vulnerable young people in society,” he said.
“Keeping their sensitive personal information secure must be recognised as an important part of this process and agencies must have the necessary safeguards in place to keep this information safe whether it’s in the office, at home or on the road.
“The worst breaches of the Data Protection Act can lead to a monetary penalty of up to £500,000, but, when you consider the sensitivity of the information this sector is responsible for, the human cost could be far more significant.
“Agencies and the councils they work with should see this report as a wake-up call and take action before it’s too late.”
The ICO fined North East Lincolnshire and Halton councils last year after sensitive information about the care of young people were lost by their social services departments. North East Lincolnshire was fined £80,000 and Halton £70,000.
Jacqui Lawrence, fostering development consultant at the British Association for Adoption and Fostering, said: “Local authorities and independent fostering and adoption agencies need to work together to ensure good practice is implemented.
“In a world of changing technology and an increased need to share and process sensitive personal information, agencies need to be constantly aware of their roles and responsibilities as data controllers”