Breach details
| What | Confidential client information contained in a folder was left at a cafe. |
| How much | A folder containing information on one case. |
| When | June 2012 |
| Why | A lack of effective controls and procedures for taking information out of the office contributed to the loss of this personal data. Excessive information was also being transported as the folder contained personal data not relevant to the scheduled meetings. However, there were general polices and procedures in place and the support worker had received relevant training. The support worker was also acting against previous instructions given by Foyle Women’s Aid. |
Regulatory action
| Regulator | ICO | Action | Undertaking to comply with the seventh data protection principle. |
| When | 13 August 2013. |
| Details | Foyle Women’s Aid will immediately implement a formal policy covering the use of personal data outside of the office and provide training to their staff; compliance with these policies shall be regularly monitored. Portable devices used for the storage and transmission of personal data must be encrypted. Physical and other security measures must also be implemented to protect against unauthorised access to personal data. |
Links
| View PDF of the Foyle Women’s Aid Undertaking (Breach Watch Archive) |
| View PDF of the Foyle Women’s Aid Undertaking (Via ICO Website) |
Follow Up
| The ICO conducted a follow up assessment on 19 November 2013. |
| View PDF of the Foyle Women’s Aid Follow Up (Breach Watch Archive) |
| View PDF of the Foyle Women’s Aid Undertaking Follow Up (Via ICO Website) |