The City of York Council has been rapped by the Information Commissioner's Office (ICO) after a printer mix-up.
The local authority breached the Data Protection Act when an employee mistakenly collected personal data from a printer, before sending it incorrectly with other documentation to a third party.
Following an investigation, the ICO found there was a lack of quality control and management supervision.
"This case highlights the need for employees to take responsibility and ownership of tasks that involve handling personal data," said acting head of enforcement at the ICO Sally-Anne Poole.
"If the documents had not been left unattended by the printer and had been carefully checked before they were sent out then this situation could easily have been avoided." The City of York Council has signed an undertaking to ensure no personal data is printed when it was not necessary.
New quality control checks when documents are being sent out have been introduced at the council as well.
Another day, another breach
The City of York revelations came a day after the ICO reported the Royal Cornwall Hospitals NHS Trust breached the Data Protection Act, again for disclosing information it shouldn't have.
The breach occurred in July 2010 when an individual asked for information the Trust held about them, but the Trust ended up sending out the wrong person's data.
Later that year, an almost identical occurrence happened to the same individual, although on that occasion the disclosed data related to a "third party."
"Just because staff are busy with requests, this does not mean they can stop doing adequate checks before information is sent out," Poole said.
Meanwhile, the ICO has been investigating separate data breaches at the University of York and at Play.com.
-
What is polymorphic malware?Explainer Polymorphic malware constantly changes its code to avoid detection, making it a top cybersecurity threat that demands advanced, behavior-based defenses
-
Outgoing Kaseya CEO teases "this is just the beginning" for the companyOpinion We spoke to Fred Voccola who remains a key figurehead at the firm as it enters its next chapter...
-
AI recruitment tools are still a privacy nightmare – here's how the ICO plans to crack down on misuseNews The ICO has issued guidance for recruiters and AI developers after finding that many are mishandling data
-
“You must do better”: Information Commissioner John Edwards calls on firms to beef up support for data breach victimsNews Companies need to treat victims with swift, practical action, according to the ICO
-
LinkedIn backtracks on AI training rules after user backlashNews UK-based LinkedIn users will now get the same protections as those elsewhere in Europe
-
UK's data protection watchdog deepens cooperation with National Crime AgencyNews The two bodies want to improve the support given to organizations experiencing cyber attacks and ransomware recovery
-
ICO slams Electoral Commission over security failuresNews The Electoral Commission has been reprimanded for poor security practices, including a failure to install security updates and weak password policies
-
Disgruntled ex-employees are using ‘weaponized’ data subject access requests to pester firmsNews Some disgruntled staff are using DSARs as a means to pressure former employers into a financial settlement
-
ICO reprimands Coventry school over repeated data protection failuresNews The ICO said the academy trust failed to follow previous guidance, which caused a serious data breach
-
ICO dishes out fine to HelloFresh for marketing spam campaignNews HelloFresh failed to offer proper opt-outs, the ICO said, and customers weren’t warned their data would be used for months after they cancelled
