Confidential Hertfordshire County Council papers 'found in street'

[Erica Absetz <erica () riskbasedsecurity com>]

http://www.bbc.co.uk/news/uk-england-beds-bucks-herts-23157540

A council has apologised after papers holding personal staff details
were found discarded in a street.

Liberal Democrat councillor Paul Zukowskyj said he saw Hertfordshire
County Council documents outside a former adult care office in
Hatfield.

Derrick Ashley, cabinet member for resources, said the council
apologised and would investigate how it happened.

Mr Zukowskyj said he had yet to decide whether to report the potential
data breach to the Information Commissioner.

Mr Zukowskyj said he spotted the documents near the former Mount
Pleasant depot, which was vacated by the council in 2009 and is in the
process of being demolished.

"There was a range of things - blank care assessment forms, compliment
slips with HCC [Hertfordshire County Council] logos and directors'
names on," said Mr Zukowskyj.

'Removal and disposal'

"The final one that tipped the issue was a staff appraisal form front
sheet with a staff member's name, personnel number and so on.

"I'm not happy."

The Conservative-controlled council was fined £100,000 by the
Information Commissioner in 2010 for accidentally faxing details of a
child sex abuse case to a member of the public.

Last year, it also received a warning from the commissioner after
losing a folder containing details of primary school visits in 2011.

Mr Ashley, a Conservative, said: "In 2009, as part of the move from
the site, we made arrangements for the removal and disposal of all our
operational assets as part of standard site closure procedures.

"We apologise that in this instance it would appear that not all of
this work was successfully carried out. We are investigating how this
happened to ensure that it does not happen again."

The council said litter-pickers were removing the remaining papers
from the area.

An spokesman for the Information Commissioner said: "We would normally
investigate if there was a complaint made to us, though if we see
stories particularly pointing to a breach we may contact the authority
directly."
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss-discuss

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges.