The Information Commissioner's Office (ICO) has fined a London charity for losing sensitive information relating to the care of four young children.
The data loss occurred on 5 December 2011 and was caused when a social worker who worked for charity Norwood Ravenswood tried to deliver information about children to the home their prospective adoptive parents.
The social worker received no response, as both occupants were out at the time, and left the reports at the side of the house. When the potential adoptive parents returned home, however, the papers were gone and have never been recovered.
The fact that the social worker had received no training on how to look after extremely sensitive information is truly staggering.
Stephen Eckersley, head of enforcement at the ICO described the incident as "entirely avoidable".
"We have warned the charity sector that they must have thorough policies and procedures in place to keep the sensitive information they handle secure," he said in a statement.
"The children involved in this case were no more than 6 years old and now they are in a situation where their most sensitive details could be in the hands of a complete stranger. The fact that the social worker had received no training while working at the charity, on how to look after what is extremely sensitive information, is truly staggering," Eckersley added.
A spokesperson from Norwood Ravenswood told IT Pro that this was an isolated breach of the Data Protection Act and it reported itself to the ICO after as soon as it was discovered.
"Norwood took immediate steps to tighten its procedures in line with the Act to ensure that an incident of this kind will not be repeated."
-
RSAC Conference 2025: The front line of cyber innovationITPro Podcast Ransomware, quantum computing, and an unsurprising focus on AI were highlights of this year's event
-
Anthropic CEO Dario Amodei thinks we're burying our heads in the sand on AI job lossesNews With AI set to hit entry-level jobs especially, some industry execs say clear warning signs are being ignored
-
AI recruitment tools are still a privacy nightmare – here's how the ICO plans to crack down on misuseNews The ICO has issued guidance for recruiters and AI developers after finding that many are mishandling data
-
“You must do better”: Information Commissioner John Edwards calls on firms to beef up support for data breach victimsNews Companies need to treat victims with swift, practical action, according to the ICO
-
LinkedIn backtracks on AI training rules after user backlashNews UK-based LinkedIn users will now get the same protections as those elsewhere in Europe
-
UK's data protection watchdog deepens cooperation with National Crime AgencyNews The two bodies want to improve the support given to organizations experiencing cyber attacks and ransomware recovery
-
ICO slams Electoral Commission over security failuresNews The Electoral Commission has been reprimanded for poor security practices, including a failure to install security updates and weak password policies
-
Disgruntled ex-employees are using ‘weaponized’ data subject access requests to pester firmsNews Some disgruntled staff are using DSARs as a means to pressure former employers into a financial settlement
-
ICO reprimands Coventry school over repeated data protection failuresNews The ICO said the academy trust failed to follow previous guidance, which caused a serious data breach
-
ICO dishes out fine to HelloFresh for marketing spam campaignNews HelloFresh failed to offer proper opt-outs, the ICO said, and customers weren’t warned their data would be used for months after they cancelled
