aims to be a useful repository of information about regulatory action taken as a result of data breaches. It provides a comprehensive archive of of ICO
and FCA/FSA enforcement, helpful categorisation and occasional analysis. More …
ICO Data Protection Act Enforcement
ICO Privacy and Electronic Communications Regulations Enforcement
- Royal Borough of Windsor & Maidenhead
||Personal data disclosed on the council's intranet in error.
||A spreadsheet containing details of individuals who had not signed a new employment contract was wrongly appended to a review document for general access on the intranet, rather than being added separately as a restricted item. The ICO investigation revealed that data protection and information security training for those with access to personal data had not been mandatory and that the policies on handling personal data were incomplete.
||Undertaking to comply with the seventh data protection principle.
||26 November 2013.
||The Council will review and revise its data protection policies and ensure existing staff have appropriate training by 31 December 2013. All new staff whose roles involve access to personal data will receive training as soon as they begin their employment at the Council. Compliance with these policies and the training will be regularly monitored and enforced.