Confidential child protection files ended up in shop

The Information Commissioner has criticised Scotland's child protection and youth justice body after nine confidential case files were found in a cabinet bought from a shop.

The Information Commissioner has criticised Scotland’s child protection and youth justice body after nine confidential case files were found in a cabinet bought from a shop.

Sensitive social care information about young people recorded by the Scottish Children’s Reporter Administration was found and emails that included sensitive information were sent to the wrong address.

Both breaches were the result of the organisation’s failure to ensure its data protection and IT security guidance were being correctly followed by staff and constituted a breach of the Data Protection Act, the Information Commissioner’s Office said.

The files were found in September 2010 by a person who bought the cabinet from a second-hand furniture shop. Inside the cabinet, which should have been destroyed after an office refurbishment, was paperwork with names, dates of birth, social reports and referral decisions.

Separately, in January 2011, legal papers that included sensitive information about a child’s court hearing – including details about physical abuse and the identities of the mother and witnesses – were sent to the wrong email address.

“The fact that sensitive information was mishandled not once but twice by the same organisation is concerning,” said Ken Macdonald, assistant commissioner for Scotland.

“Both times the personal data that was compromised related to young children and was caused by human errors that could easily have been avoided. Luckily, on both occasions, the information was not circulated widely.”

The Scottish Children’s Reporter Administration (SCRA) has taken action to ensure that personal information is secure, he said, adding that he is working with the SCRA to raise awareness of their data protection obligations through a series of workshops.

Neil Hunter, chief executive of the SCRA, has signed an undertaking to ensure staff are made aware of the organisation’s policies on the storage and use of personal data, and that checks are put in place to ensure the policy is followed.

What do you think?Join the debate on CareSpace

Keep up to date with the latest developments in social care. Sign up to our daily and weekly emails

Related articles

Lost memory stick puts council in breach of data protection

Haringey Council disciplines worker over confidential files left on train

More from Community Care

Comments are closed.