Breach details
| What | Loss of personal data and in one case loss of sensitive personal data. |
| How much | Unknown |
| When | Several incidents in early 2012 |
| Why | Documents containing personal data were inappropriately disclosed or disposed of, or put at risk of unauthorised access. The council had an out of date data protection policy, and provided insufficient data protection training. |
BW Comments
| The undertaking is very vague, and doesn’t provide specific details of what happened to cause the data losses, or why. |
Regulatory action
| Regulator | ICO | Action | Undertaking to comply with the seventh data protection principle |
| When | 20 December 2012 |
| Details | The data conroller is to ensure that all policies and procedures are up to date and in place to support staff who handle personal data and that these will be communicated to all relevant staff along with information governance training. |
BW Observations
| It is almost as if the council, as part of its self-reporting, suggested the necessary remedial action. |
Links
| View PDF of the Isle of Anglesey County Council Undertaking (Breach Watch Archive) |
| View PDF of the Isle of Anglesey County Council Undertaking (Via ICO Website) |