Leicestershire council not fined over child data breach

17 April 2012

The theft of data relating to vulnerable children has led to Leicestershire County Council breaching the Data Protection Act, the Information Commissioner's Office has found.

The breach occurred after documents were taken home by a social worker in a briefcase, which was then stolen during a burglary.

The documents were said to contain the sensitive personal data of 18 individuals which outlined details of neglect and requested the removal of the children from their parents' care.

"Local authorities must recognise that social workers are handling some of the most sensitive information available," said Stephen Eckersley, the ICO's head of enforcement.

"The fact that this information often relates to vulnerable young children means it is all the more important for these organisations to provide staff with adequate training and guidance on how to keep this information secure."

The ICO found that the even though the social worker had gained permission to take the reports home, the employee had not received relevant data protection training. And it was said that the handling of paper documents at home was not covered by the council's policy.

"While Leicestershire County Council already recognised the risks associated with home working and had produced guidance for their staff, the guidance did not explain how papers containing personal information should be kept secure," Eckersley said.

But he added he was pleased the council had now committed to taking action to protect personal information.

The ICO does have the power to fine up to £500,000 for serious breaches of the Data Protection Act. But there was no indication any monetary penalty would be imposed on the council.