ICO rules Wirral Council breached Data Protection Act over blunders and insists on further undertaking
Wirral Council are in trouble with the Information Commissioner’s Office again over yet another set of blunders. This time they sent “sensitive personal information” to the wrong address (multiple times) which in one case included details of a criminal offence. The mistakes happened in February and again in April of this year.
The Information Commissioner’s Office is also aware of three previous disclosure incidents reported to them over the past sixteen months. Prior to this period there was the incident where Wirral Council accidentally published a whistleblower’s name on their website.
When the Information Commissioner’s Office investigated, they found that Wirral council had “no mandatory data protection training in place for staff and did not have adequate checks in place to make sure records were being sent to the correct address”.
Information Commissioner’s Office Head of Enforcement, Stephen Eckersley, said:
“While human error was a factor in each of these cases, the council should have done more to keep the information secure. Social workers routinely handle sensitive information and Wirral Borough Council failed to ensure their staff received adequate training on how to keep people’s information secure.
“We are pleased that the council has now made its data protection training mandatory for all staff following these incidents and has agreed to take further action to address the underlying problems that led to these mistakes. This includes ensuring that all staff complete the data protection training by the end of June and adequate checks are in place to make sure sensitive records are being sent to the right address.”
Wirral Council’s Chief Executive Graham Burgess has had to sign an undertaking that Wirral Council will change and do better in the future. Last year Wirral Council had to sign a similar undertaking after their poor performance with Freedom of Information Act requests following concerns raised by the Information Commissioner’s Office.
Joe Blott, Wirral’s Strategic Director of Transformation and Resources, said “We take these matters very seriously. As soon as we discovered the errors, we self-referred to the ICO and took immediate steps to discover what went wrong, and make sure we do what is necessary to ensure it doesn’t happen again.
We have taken on board the ICO’s concerns, and have improved our data protection compliance. This has included training for staff with access to confidential and sensitive data, and a re-iteration of how we can and should endeavour to keep confidential information safe.”
ICO Press release 15th April 2014 “Merseyside council agrees to improve practices after social service records sent to the wrong address”
Wirral Council press release 15th April 2014 Council commits to improve data protection following Information Commissioner’s ruling
If you click on any of the buttons below, you’ll be doing me a favour by sharing this article with other people.