| Breach of act |
Breach of the seventh principle: the council had failed to take appropriate measures against the accidental loss of personal data such as having robust policies/ guidelines in place; training for staff who need to take paper files containing sensitive personal data out of the office; providing security locks for bags and using encrypted USBs. |
| Known or should have known |
The council recognised that social workers had a business need to take paper files containing confidential and sensitive personal data out of the office and should have put reasonable measures in place to prevent data loss. |
| Likely to cause damage or distress |
The data loss would potentially cause substantial distress to individuals including vulnerable children who may know or suspect that their confidential and highly sensitive personal data has been disclosed; and the contravention could have prejudiced the court hearing of the child protection case. |
