|Breach of act
||Breach of the seventh principle: the council had failed to take appropriate measures against the accidental loss of personal data such as having robust policies/ guidelines in place; training for staff who need to take paper files containing sensitive personal data out of the office; providing security locks for bags and using encrypted USBs.
|Known or should have known
||The council recognised that social workers had a business need to take paper files containing confidential and sensitive personal data out of the office and should have put reasonable measures in place to prevent data loss.
|Likely to cause damage or distress
||The data loss would potentially cause substantial distress to individuals including vulnerable children who may know or suspect that their confidential and highly sensitive personal data has been disclosed; and the contravention could have prejudiced the court hearing of the child protection case.