|20 April 2011
|A social worker’s bag containing papers relating to the care of a child sex abuse victim was stolen from a London pub. The data controller did not appear to have provided any information security training to the social worker involved and the onus was on staff to update their own knowledge and read the data controller’s policies in the intranet. No checks were made to ensure that staff had read or understood these police.
|Monetary penalty of £ 100,000
|13 Fenruary 2012
Why the regulator acted
|Breach of act
|Loss of papers, which could disrupt an ongoing legal case.
Inappropriate organisational and technical measures.
|Known or should have known
|It was clear staff would need to take sensitive data outside of the office, but there were no policies in place to ensure this was done securely.
|Likely to cause damage or distress
|Information related to an ongoing legal case.
|View PDF of the Croydon Council Monetary Penalty Notice (Breach Watch Archive)
|View PDF of the Croydon Council Monetary Penalty Notice (Via ICO Website)