Breach details
| What | Sensitive personal data including the mental and physical health of the data subjects held in a social care database. |
| How much | One record. |
| When | Unknown. |
| Why | A record held in the Council’s social care database was compromised by the inappropriate actions of two employees. A local governmental reorganisation in April 2009 had left Central Bedfordshire Council and the data controller with non-relevant records which were in the process of being removed at the time of the incident. |
BW Comments
| This is closely linked to the undertaking signed by Central Bedfordshire Council. |
Regulatory action
| Regulator | ICO | Action | Undertaking to comply with the seventh data protection principle |
| When | 10 September 2012 |
| Details | The social care database was to be completely cleansed of unnecessary data from the previous local authority by 31 March 2013, and security measures were to be implemented to protect personal data. |
BW Observations
| As with the Central Bedfordshire Council undertaking there is no explanation provided by the Commissioner about the delay in publishing this undertaking although this is probably related to the appeal to the Information Tribunal by Central Bedfordshire Council being withdrawn. |
Links
| View PDF of the Bedford Borough Council Undertaking (Breach Watch Archive) |
| View PDF of the Bedford Borough Council Undertaking (Via ICO Website) |