ICO praises council for tightening data protection policies

Wed 20 Jan 2010

Lancashire County Council (LCC) has been commended for taking steps to improve the security of sensitive data.

Confidential social work records were found last year in an old council filing cabinet that was on sale in a second-hand shop in Blackburn.

This put the Conservative-run authority in breach of the Data Protection Act, although it has now taken steps to ensure that a similar scenario does not occur again.

LCC is implementing a new written procedure that will be carried out whenever any piece of furniture or equipment is being disposed of.

Meanwhile, those affected by the security breach have been issued with an apology.

The Information Commissioner's Office said it is very pleased that the authority is tightening its data protection policies.

Head of enforcement Sally-Ann Poole said necessary safeguards have to be in place to ensure that personal information is disposed of securely.

She added that organisations must also make staff aware of these policies.

Richard Tinham, a partner at Winckworth Sherwood, commented: "This instance demonstrates the continuing need for data controllers to ensure compliance with the 8 Data Protection Act principles.

"That includes the putting in place of comprehensive data protection policies supported by effective staff training.

"The impending ability of the Information Commissioner to issue Monetary Penalty Notices fining data controllers up to £500,000 for serious breaches of the 8 Data Protection Act principles makes compliance all the more important in a environment where organisations are already under financial pressures."