Halton BC fined for serious data breach

[Erica Absetz <erica () riskbasedsecurity com>]

http://www.localgov.co.uk/index.cfm?method=news.detail&id=110002

Last year, the council sent a letter to the birth mother an adopted
child including the details of the adoptive parents’ home address.
This was subsequently passed on to the grandparents who had been
trying to obtain access to the child.

The investigation by the Information Commissioner’s Office (ICO) found
that Halton BC failed to have a clear policy and process for checking
such correspondence.

Steve Eckersley, ICO head of enforcement, said: ‘It would be easy to
dismiss this as a simple case of human error. The reality is that this
incident happened because the organisation did not pay enough
attention to how it handles vulnerable people’s sensitive information,
leading to a mistake that was entirely avoidable had the right
guidance and training been in place.

‘The distress this incident will have caused the people involved is
obvious, and the penalty we have issued today reflects that.’

Since the incident, the council has implemented a clear checklist of
requirements before such correspondence can be distributed.

The ICO has previously warned there is an 'underlying problem with
data protection in local government'.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges.