Croydon Council has today been fined £100,000 by the Information Commissioner’s Office and accused of negligence after a social worker had sensitive documents on the welfare of a child sex victim stolen from a local pub.
The reason that the government agency said it has come down so hard on Croydon was because the social worker had not received adequate training on how to look after sensitive personal documents. Croydon Council’s defence was that it offers advice on the matter on its internet…
In a media statement issued this morning, Stephen Eckersley, the ICO’s head of enforcement said: “We appreciate that people working in roles where they handle sensitive information will – like all of us – sometimes have their bags stolen. However, this highly personal information needn’t have been compromised at all if Croydon Council had appropriate security measures in place.”
So much for Croydon Council’s boasts of having “efficiency in our DNA”.
Croydon’s breach of data security was announced along with a similar fine against Norfolk County Council.
Eckersley said: “While both councils acted swiftly to inform the people involved and have since taken remedial action, this does not excuse the fact that vulnerable children and their families should never have been put in this situation.”
The Croydon Council breach – which happened in April 2011 – occurred when an unlocked bag belonging to a social worker was stolen from a London pub. The worker was taking papers, including information about the sexual abuse of a child and six other people connected to a court hearing, home for use at a meeting the following day. The bag and its contents have never been recovered.
Some details of the bag theft are contained in the ICO’s full report (which is accessible by clicking on this page, scrolling to February 13 under Monetary Penalty Notices, and then downloading the report in pdf format). The report says that the social worker took the files home with him from the office to save on travelling time the following day for a case meeting. Fair enough.
The staff member, from the Children and Young People’s division, left the office around 5pm, and “went home via crowded Public House and left the unlocked bag between the chairs in which he was sitting with his colleagues”.
Later, the report states: “When the Social Worker realised the bag was missing around 11pm…” Around 11pm?? Must have been a good sesh.
“The ICO’s investigation found that while Croydon Council did have data protection guidance available at the time of the theft, it was not actively communicated to staff and the council had failed to monitor whether it had been read and understood,” today’s IOC ruling says.
“The council’s policy on data security was also inadequate and did not stipulate how sensitive information should be kept secure when taken outside of the office.”
- Inside Croydon: brought to you from the heart of the borough, free of charge, an independent voice standing for freedom of speech for the people of Croydon
Related articles
- Who is paying for Boris’s election stunt in Croydon? (insidecroydon.com)
- Croydon Council paid £20m for interim staff in 2011 (insidecroydon.com)
- Mead says he’s “proud” of Croydon’s £50m uncollected tax (insidecroydon.com)
That would explain why they introduced encrypted memory sticks last year across the Council. I don’t recall this issue being reported to council (and thus the public). Secrecy a hallmark of Croydon Council under this Conservative administration.
If the intranet is anything like the Croydon internet site, I’m not surprised the advice regarding handling documents went unheeded. You really have to ‘dig’ to find anything!