North Lanarkshire Council

What

Loss of sensitive personal data.

How much

Six records.

Why

A home support worker’s bag which contained hard copies of records relating to vulnerable individuals was stolen.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that adequate security measures are implemented for hard copy documentation and that such documents contain the minimum amount of personal data necessary.

Reason for action

The home support worker’s bag was not locked and further investigation revealed that staff were given insufficient guidance about how to use and transport such documentation.

When

08 June 2011.

Links

View PDF of the North Lanarkshire Council Undertaking (Via ICO Website)

View PDF of the North Lanarkshire Council Undertaking (Breach Watch Archive)

Somerset County Council

What

Loss of sensitive personal data.

How much

One record.

Why

An employee working on two cases inadvertently enclosed one child’s assessment letter to the other family.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that procedures are implemented to record quality control checks prior to the distribution of documents.

Reason for action

The incident revealed a lack of sufficient checks and controls in areas of the data controller’s operations dealing with significant amounts of personal data.

When

13 May 2011.

Links

View PDF of the Somerset County Council Undertaking (Via ICO Website)

View PDF of the Somerset County Council Undertaking (Breach Watch Archive)

Freehold Community School

What

Loss of personal data.

How much

90 records.

Why

An unencrypted laptop and paperwork were stolen from a teacher’s car.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that portable media devices are suitably encrypted.

Reason for action

The data controller was unaware of the necessity to ensure the encryption of portable media devices.

When

21 April 2011.

Links

View PDF of the Freehold Community School Undertaking (Via ICO Website)

View PDF of the Freehold Community School Undertaking (Breach Watch Archive)

Norwich City College of Further and Higher Education

What

Loss of sensitive personal information on two occasions.

How much

80 records.

Why

Hard copy records were disposed of inappropriately and insecurely.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that a formal policy for the disposal of confidential waste be written and implemented.

Reason for action

The records were disposed of in standard black bin liners and were thrown into a skip on college grounds by cleaning staff, the same as any other waste.

When

19 April 2011.

Links

View PDF of the Norwich City College of Further and Higher Education Undertaking (Via ICO Website)

View PDF of the Norwich City College of Further and Higher Education Undertaking (Breach Watch Archive)

Council for Healthcare Regulatory Excellence

What

Possible loss of sensitive personal information.

How much

Three records.

Why

Discovery that some hard copy files relating to cases could not be accounted for.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that all correspondence regarding personal data is adequately protected and a permanent system for the logging of data is put into place.

Reason for action

It was impossible, due to insufficient data tracking, to be sure if the data had ever been received by the data controller, let alone lost.

When

15 April 2011.

Links

View PDF of the Council for Healthcare Regulatory Excellence Undertaking (Via ICO Website)

View PDF of the Council for Healthcare Regulatory Excellence Undertaking (Breach Watch Archive)

NHS Liverpool Community Health

What

Loss of sensitive personal information.

How much

31 records.

Why

Files were transported in uncollected crates by a removal company which the data controller did not have a contract with.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that written contracts are used whenever third parties might have access to sensitive data and that clear and precise policies will be put into place for how to transport data while moving offices.

Reason for action

Contradictory instructions given to staff members by the removal company led to confusion as to how the data could be transported, leading to errors made due to short notice.

When

11 April 2011.

Links

View PDF of the NHS Liverpool Community Health Undertaking (Via ICO Undertaking)

View PDF of the NHS Liverpool Community Health Undertaking (Breach Watch Archive)

City of York Council

What

Loss of sensitive personal information.

How much

One record.

Why

The information was erroneously included with documentation sent to an unrelated third party.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that documentation containing personal data is not printed when there is no need to do so.

Reason for action

The information was mistakenly collected from a shared printer by an employee who failed to check that the documentation was only for their case. A lack of quality control prevented this error from being discovered until it was too late.

When

05 April 2011.

Links

View PDF of the City of York Council Undertaking (Via ICO Website)

View PDF of the City of York Council Undertaking (Breach Watch Archive)

Aramark Ltd.

What

Loss of personal information.

How much

109 records.

Why

Paperwork and an unencrypted laptop were stolen in transit.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that all portable media devices are sufficiently encrypted and are only taken off site when absolutely necessary.

Reason for action

Although the laptop was password protected, this was insufficient security, given the sensitive nature of the data it contained.

When

24 February 2011.

Links

View PDF of the Aramark Ltd. Undertaking (Via ICO Website)

View PDF of the Aramark Ltd. Undertaking (Breach Watch Archive)

Ms Phillimore, a barrister

What

Loss of sensitive personal information.

How much

“A sizeable quantity”

Why

Theft of two hard copy folders of case files from her car.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that appropriate physical security measures are taken to protect physical data – in particular data must not be left outside the chambers overnight.

Reason for action

The data should never have been disposed of in a skip. The data controller had a written contract with a third party for the disposal of confidential waste, but on this occasion there was confusion as to the confidential nature of the waste.

When

23 March 2011.

Links

View PDF of Ms Phillimore’s Undertaking (Via ICO Website)

View PDF of Ms Phillimore’s Undertaking (Breach Watch Archive)

Identity and Passport Service

What

Loss of sensitive personal information.

How much

21 records.

Why

21 passport renewal applications were lost from a particular passport office.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that reasonable steps are taken to ensure the security of data while it is processed.

Reason for action

All those affected were notified and received new passports without complaint; however, the incident demonstrated insufficiently secure processing of personal data.

When

21 February 2011.

Links

View PDF of the Identity and Passport Service Undertaking (Via ICO Website)

View PDF of the Identity and Passport Service Undertaking (Breach Watch Archive)