Southwark Council warned after misplacing personal information

gallery

Southwark Council violated the Data Protection Act by misplacing a computer and papers containing the personal information of over 7,000 people.

According to the Information Commissioner's Office (ICO), the computer and papers were mistakenly left behind at the council's old, vacated buildings in Southwark back in December 2009.

The information stored on the computer detailed peoples' names, addresses, ethnicity, medical history, and any past criminal convictions.

"The medical history and criminal convictions of thousands of constituents in Southwark Council is information that should never make it into the public domain and has the potential to seriously disrupt the lives of those affected," said Chris McIntosh, CEO of security company ViaSat UK and former MoD official.

"The fact that thousands of residents’ personal details went missing for over two years clearly shows that Southwark Council’s policies for handling personal information are below standard," said Sally Anne Poole, the ICO's Acting Head of Enforcement.

The Council has apparently taken action to handle data more securely. To do so, the transfer and disposal of personal information, as well as the devices used to store the information, will need to be better protected.

According to a press release from Southwark Council, staff will be trained on how to follow the organisation’s data protection policies and will be monitored in order to make sure those policies are being followed.

"Southwark Council has committed to putting changes in place and we look forward to completing an audit next year to help them to identify further improvements," added Poole.

Email to a friend

Print this page