ICO raps York Council after data breach

gallery

The City of York Council has been rapped by the Information Commissioner’s Office (ICO) after a printer mix-up.

The local authority breached the Data Protection Act when an employee mistakenly collected personal data from a printer, before sending it incorrectly with other documentation to a third party.

Following an investigation, the ICO found there was a lack of quality control and management supervision.

“This case highlights the need for employees to take responsibility and ownership of tasks that involve handling personal data,” said acting head of enforcement at the ICO Sally-Anne Poole.

“If the documents had not been left unattended by the printer and had been carefully checked before they were sent out then this situation could easily have been avoided.”

The City of York Council has signed an undertaking to ensure no personal data is printed when it was not necessary.

New quality control checks when documents are being sent out have been introduced at the council as well.

Another day, another breach

The City of York revelations came a day after the ICO reported the Royal Cornwall Hospitals NHS Trust breached the Data Protection Act, again for disclosing information it shouldn’t have.

The breach occurred in July 2010 when an individual asked for information the Trust held about them, but the Trust ended up sending out the wrong person’s data.

Later that year, an almost identical occurrence happened to the same individual, although on that occasion the disclosed data related to a “third party.”

“Just because staff are busy with requests, this does not mean they can stop doing adequate checks before information is sent out,” Poole said.

Meanwhile, the ICO has been investigating separate data breaches at the University of York and at Play.com.

Email to a friend

Print this page