Social worker agrees three-year caution after data protection breach

Agency practitioner admits that fitness to practise was impaired after being found to have emailed confidential documents

Image of confidential documents (Photo: flickr/ michael_swan)
Photo: flickr/ michael_swan

A social worker has agreed to a three-year caution after being found to have forwarded multiple confidential documents to a personal email account.

The practitioner’s misconduct was only discovered after she had completed an agency stint with a council, which accessed her staff email account to retrieve material relating to work left incomplete.

The local authority found the social worker had forwarded more than 20 documents, including care plans, assessments and court statements, mostly unredacted to her Yahoo account during late 2017.

It referred the case to the Health and Care Professions Council (HCPC), which agreed a caution order by consent at a tribunal hearing in late March, after the social worker admitted the allegation in full. The social worker was not practising at the time of the hearing but hoped to return to social work, the tribunal noted.

Data breaches by social workers have been something of a regulatory grey area in recent times. A social worker escaped sanction in 2016 after self-referring to the HCPC and arguing he had forwarded emails to a personal account due to a “highly pressurised” work environment and disruption caused by a change in IT system.

Remedial training

In the wake of her being referred to the HCPC, the social worker in the recent case prepared a reflective statement acknowledging her misconduct. She also issued a written apology and completed remedial data protection training.

The social worker confirmed via her legal representative that she was prepared to admit that her fitness to practise had been impaired by her behaviour.

“The panel accepts that by her statement and by agreeing to the draft consent order, the registrant has shown both reflection and insight,” the tribunal said.

“She has further recognised the serious nature of the allegation made against her,” it added. “She has acknowledged the potential ramifications that her actions could have had on service users and the further impact that this conduct could have on the reputation of and public confidence in social workers.”

The data breach was an isolated incident in which no service users had been harmed and the risk of any similar future incident was low, the tribunal concluded in agreeing the sanction.

It added that even had a contested hearing taken place, it was unlikely that a stiffer punishment would have been imposed.

More from Community Care

8 Responses to Social worker agrees three-year caution after data protection breach

  1. Chris April 11, 2019 at 9:10 pm #

    A lot of people will have also done this as pressure to complete work on time and maybe no works laptop to work from home. Councils needs to recognise the pressures on staff and if they need to work at home then provide them with equipment to do so or lower caseloads. Social workers seem to be damned if they do and damned if they don’t.

  2. Disillusioned April 12, 2019 at 10:21 am #

    Such punishment by hcpc makes you wonder about the mindset and approach of the organisations running and regulating this field.
    This practice is prevalent due to work pressure but are the managers brought to the attention of hcpc, sacked, reprimanded for their practice? NO
    Hcpc sanctions are disproportionate.

  3. CF April 12, 2019 at 12:58 pm #

    These rules apply to redacted documents too: important to remember if you’re a student redacting work for a portfolio or an experienced practitioner asked to provide evidence of your work to a future employer: consent to share is always required. Never assume you’re allowed to send any document (redacted or not) outside of the organisation without checking.

  4. Luke Leigh April 13, 2019 at 9:08 am #

    If you can’t do the time, then don’t do the crime people.

    Policies and procedures exist for a reason and it is in everyone’s interest that you follow them. If something is impeding you in doing this, might I suggest that you make those in charge aware of the situation and make them resolve it.

    Its quite apparent that this is important, how would any of you feel were it your personal data being breached?

    Just because a system is flawed, bypassing it is never the solution.

  5. Disillusioned April 15, 2019 at 9:30 am #

    The same yardstick do not apply to the management.
    Workers you are damned if you do and damned if you don’t but the management is immune from these sanctions.
    If such an issue is sighted with the management’s practice, it is internally addressed with or without a reprimand but no one in the senior management would contemplate referring to hcpc.

  6. Erin April 18, 2019 at 3:01 pm #

    What an attractive profession social work is. Micromanaged to death, no end to high unmanageable caseloads, no support and living in fear of over zealous managemt sacrificing you to the HCPC . What other profession is there that demoralise their staff this way. I wonder why there is and always will be a national shortage of social workers?

    • Charlotte April 23, 2019 at 11:02 am #

      Unfortunately so on the mark Erin!!

      • Anonymous April 27, 2019 at 6:59 am #

        Yep… very sad