Fostering and adoption agencies routinely put personal data at risk warns Information Commissioner

Privacy watchdog issues 'wake-up call' to fostering and adoption agencies over IT security

Fostering and adoption agencies are routinely putting sensitive personal information about those they work with at risk, according to an Information Commissioner’s Office report.

The ICO examined the data protection work of 10 fostering and adoption agencies in England and some several common problems in how they shared sensitive information with other agencies and internally.

It found that while most had adequate systems for restricting inappropriate staff access to sensitive records, information about looked-after children, foster carers and adopters was routinely being emailed to local authorities without encryption.

The ICO said the problem is partially due to local authority IT security systems that block encrypted messages and the difficulty of getting council IT teams to unblock these messages.

Most agencies also failed to use encryption on mobile devices, such as laptops and USB sticks, that they store personal data on. Some agencies also allowed staff to carry out work involving personal data on their home computers rather than via a more secure method.

John-Pierre Lamb, group manager in the ICO’s good practice team, warned that fostering and adoption agencies could face fines of up to £500,000 if they breached Data Protection Act.

“The work fostering and adoption agencies carry out is vital to helping some of the most vulnerable young people in society,” he said.

“Keeping their sensitive personal information secure must be recognised as an important part of this process and agencies must have the necessary safeguards in place to keep this information safe whether it’s in the office, at home or on the road.

“The worst breaches of the Data Protection Act can lead to a monetary penalty of up to £500,000, but, when you consider the sensitivity of the information this sector is responsible for, the human cost could be far more significant.

“Agencies and the councils they work with should see this report as a wake-up call and take action before it’s too late.”

The ICO fined North East Lincolnshire and Halton councils last year after sensitive information about the care of young people were lost by their social services departments. North East Lincolnshire was fined £80,000 and Halton £70,000.

Jacqui Lawrence, fostering development consultant at the British Association for Adoption and Fostering, said: “Local authorities and independent fostering and adoption agencies need to work together to ensure good practice is implemented.

“In a world of changing technology and an increased need to share and process sensitive personal information, agencies need to be constantly aware of their roles and responsibilities as data controllers”

More from Community Care

One Response to Fostering and adoption agencies routinely put personal data at risk warns Information Commissioner

  1. Harvey Gallagher February 6, 2014 at 4:02 pm #

    NAFP welcomes this report – there’s clearly much more we could be doing to ensure that information about children and carers is handled securely. As providers of services, it is our responsibility to ensure this happens and we should make every effort to get this right. The ICO found some good practice with regard to the internal controls put in place by agencies. But the significant challenge is at the interface between local authorities and independent providers where local services are under significant pressure.We could do much more to streamline some of the unnecessarily complicated information gathering that makes the task of handling that information so much more difficult. NAFP looks forward to working with ICO over the coming months to raise the standard of information handling in fostering to ensure we are the best we can be.