Charity data protection policies are facing greater scrutiny – and with it the threat of losing tens of thousands of pounds in vital funds – after the data watchdog slapped one social care organisation with a £70,000 fine for mislaying highly sensitive information on four young children.
Revealing the fine, the Information Commissioner’s Office admitted that it recognised the problem of taking funds away from organisations, but conceded the seriousness of the breach left it with “little choice”
A social worker, who worked for Norwood Ravenswood, left the detailed reports at the side of the house on December 5, 2011 after attempting to deliver the items to the children’s prospective adoptive parents. At the time, neither occupant was at the house, but when they returned to the property the reports were gone. The information has never been recovered.
The reports contained sensitive information, including details of any neglect and abuse suffered by the children, along with information about their birth families. The ICO’s investigation found that the social worker had not received data protection training, in breach of the charity’s own policy, and received no guidance on how to send personal data securely to prospective adopters.
ICO head of enforcement Stephen Eckersley said: “We have warned the charity sector that they must have thorough policies and procedures in place to keep the often sensitive information they handle secure. We do not want to be issuing monetary penalties to charities, but in this case the seriousness of the breach left us with little choice.
“The children involved in this case were no more than 6 years old and now they are in a situation where their most sensitive details could be in the hands of a complete stranger. The fact that the social worker had received no training while working at the charity, on how to look after what is extremely sensitive information, is truly staggering. This breach was entirely avoidable.”
In August, the ICO warned charities that they were potentially more susceptible to a serious data breach as they will often be handling sensitive information, such as that relating to an individual’s health. The ICO advises any charities that require further support to sign up for a free advisory visit to improve their compliance.
