From the Information Commissioner’s Office:
The London Borough of Barnet has been issued with a penalty of £70,000 for losing paper records containing highly sensitive and confidential information, including the names, addresses, dates of birth and details of the sexual activities of 15 vulnerable children or young people.
The loss occurred when a social worker took the paper records home to work on them out of hours. The social worker’s home was burgled in April last year, and a laptop bag, containing the records and an encrypted computer, was stolen.
The ICO’s investigation found that the council failed to take appropriate organisational measures against the accidental loss of personal data held on paper records. Although the council had an information security policy and some guidance for staff on handling sensitive papers, the measures failed to explain how the information should be kept secure.
Today’s penalty comes after the council signed an undertaking in June 2010 following an earlier incident, during which an unencrypted device containing personal data was stolen from an employee’s home. While the council later introduced a paper handling policy following the undertaking, this policy was not in place at the time of the second loss.
Simon Entwisle, the ICO’s Director of Operations, said:
“The potential for damage and distress in this case is obvious. It is therefore extremely disappointing the council had not put in place sufficient measures in time to avoid this second loss.
“While we are pleased that Barnet Council has now taken action to keep the personal data they use secure, it is vitally important that organisations have the correct guidance in place to keep sensitive paper records taken outside of the office safe. This includes storing papers containing sensitive information separately from laptops.”