Breach details
| What | Personal data including information on the health and ethnicity of the data subjects. |
| How much | Two cases. |
| When | December 2012 and January 2013. |
| Why | Two separate incidents involved incorrect handling of personal data by social work staff. In the first case an email containing personal information about a family was sent across an unsecured internet connection and also sent to an agency unconnected to the family. In the second case papers were lost in an accident when a member of staff took them home when leaving work early due to severe weather. |
Regulatory action
| Regulator | ICO | Action | Undertaking to comply with the seventh data protection principle. |
| When | 11 September 2013. |
| Details | Staff are to be trained in how to follow the Council’s procedures for the storage and use of personal data by 30 November 2013. Training is also required before staff are granted access to the Council’s sytems and should be refreshed within two years. In addition to training new procedures covering such issues as the transporting of personal data outside of the office must be drafted by 30 November. |
Links
| View PDF of the Luton Borough Council Undertaking (Breach Watch Archive) |
| View PDF of the Luton Borough Council Undertaking (Via ICO Website) |
Follow Up
| The ICO conducted a follow up assessment on 11 December 2013 (published on 30 December). |
| View PDF of the Luton Borough Council Follow Up (Breach Watch Archive) |
| View PDF of the Luton Borough Council Undertaking Follow Up (Via ICO Website) |