Categories: SecurityWorkspace

Southwark Council Found Guilty Of Data Breach

In yet another case of negligence, the ICO has slammed Southwark Council for losing data belonging to 7,200 people.

The Information Commissioner’s Office (ICO) found that Southwark Council had breached the Data Protection Act by losing a computer and papers during an office move in December 2009. No fine was imposed because the case was too old.

Left behind and forgotten

According to a statement released today, the unencrypted iMac and other documents were left in the vacant building for two years before being discovered by the building’s new tenants in June and thrown into a skip.

The ICO’s enquiries found that information handling and decommissioning policies were ignored when the offices were vacated. The council also failed to ensure that the information on the computer was encrypted. The information included names and addresses, as well as  information relating to ethnic background, medical history and criminal convictions.

Acting Head of Enforcement, Sally Anne Poole stated that “The fact that thousands of residents’ personal details went missing for over two years clearly shows that Southwark Council’s policies for handling personal information are below standard. As this information was lost before the ICO received the power to issue financial penalties we are unable to consider taking more formal action in this case.”

The Council, which has agreed to overhaul its data security procedures and to be audited in 2012 to gauge its compliance, joins the other 105 councils, schools, trusts and businesses which have signed undertakings with the Commission since January 2010. The body has also issued three enforcement notices, conducted two prosecutions, and has only been able to issue fines to six organisations ranging from £1,000,  issued to controversial anti-piracy lawyer Andrew Jonathan Crossley, to £120,000 issued to Surrey County Council.

ViaSat UK’s Chris McIntosh added “This data breach further demonstrates that organisations are still woefully complacent in their handling of sensitive information. The medical history and criminal convictions of thousands of constituents in Southwark Council is information that should never make it into the public domain and has the potential to seriously disrupt the lives of those affected. The further fact that the names and addresses of these individuals were on the unencrypted computer puts them at real risk of identity fraud. Public sector organisations such as this need to ensure that information security measures are not only implemented but more importantly followed.  It is a shame that in this case the ICO is unable to use its powers to issue a financial penalty, as hopefully this will start to act as a real deterrent in the future.”

Iris Cheerin

Recent Posts

Ericsson To Cut 1,200 Jobs in Sweden Amid ‘Challenging’ Market

Swedish telecoms giant Ericsson blamed “challenging mobile networks market” and “further volume contraction” for job…

5 hours ago

FTX’s Sam Bankman-Fried Sentenced To 25 Years In Prison For $8bn Fraud

Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…

6 hours ago

Elon Musk Orders FSD Demo For Every Tesla US Sale

Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…

7 hours ago

Amazon Pumps Another $2.75 Billion Into Anthropic

Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…

8 hours ago

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

11 hours ago

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

11 hours ago