The Information Commissioner's Office (ICO) has fined a London charity for losing sensitive information relating to the care of four young children.
The data loss occurred on 5 December 2011 and was caused when a social worker who worked for charity Norwood Ravenswood tried to deliver information about children to the home their prospective adoptive parents.
The social worker received no response, as both occupants were out at the time, and left the reports at the side of the house. When the potential adoptive parents returned home, however, the papers were gone and have never been recovered.
The fact that the social worker had received no training on how to look after extremely sensitive information is truly staggering.
Stephen Eckersley, head of enforcement at the ICO described the incident as "entirely avoidable".
"We have warned the charity sector that they must have thorough policies and procedures in place to keep the sensitive information they handle secure," he said in a statement.
"The children involved in this case were no more than 6 years old and now they are in a situation where their most sensitive details could be in the hands of a complete stranger. The fact that the social worker had received no training while working at the charity, on how to look after what is extremely sensitive information, is truly staggering," Eckersley added.
A spokesperson from Norwood Ravenswood told IT Pro that this was an isolated breach of the Data Protection Act and it reported itself to the ICO after as soon as it was discovered.
"Norwood took immediate steps to tighten its procedures in line with the Act to ensure that an incident of this kind will not be repeated."
-
Scania admits leak of data after extortion attemptNews Hacker stole 34,000 files from a third-party managed website, trucking company says
-
23andMe 'failed to take basic steps' to safeguard customer dataNews The ICO has strong criticism for the way the genetic testing company responded to a 2023 breach.
-
AI recruitment tools are still a privacy nightmare – here's how the ICO plans to crack down on misuseNews The ICO has issued guidance for recruiters and AI developers after finding that many are mishandling data
-
“You must do better”: Information Commissioner John Edwards calls on firms to beef up support for data breach victimsNews Companies need to treat victims with swift, practical action, according to the ICO
-
LinkedIn backtracks on AI training rules after user backlashNews UK-based LinkedIn users will now get the same protections as those elsewhere in Europe
-
UK's data protection watchdog deepens cooperation with National Crime AgencyNews The two bodies want to improve the support given to organizations experiencing cyber attacks and ransomware recovery
-
ICO slams Electoral Commission over security failuresNews The Electoral Commission has been reprimanded for poor security practices, including a failure to install security updates and weak password policies
-
Disgruntled ex-employees are using ‘weaponized’ data subject access requests to pester firmsNews Some disgruntled staff are using DSARs as a means to pressure former employers into a financial settlement
