Fury as confidential documents found blowing in the wind in Hatfield

[Erica Absetz <erica () riskbasedsecurity com>]

http://www.whtimes.co.uk/news/fury_as_confidential_documents_found_blowing_in_the_wind_in_hatfield_1_2267606

CONFIDENTIAL documents were found blowing in the wind in Hatfield in
“an alarming discovery” by a councillor.

The papers, believed to have come from the former county supplies
depot in Mount Pleasant Lane, included an employee appraisal form
which featured a worker’s name and employment number.

The depot was sold by the County Council around two years ago and
buildings on the site are currently being demolished to make way for
116 homes.

A form from former highways contractor Amey, dated November 24 2004,
was found along with medical forms by Cllr Paul Zukowskyj, who told
the Welwyn Hatfield Times: “To say that is a breach of the Data
Protection Act would be putting it mildly.

“I found it wedged against the fence having been blown about a bit.

“It took me all of two seconds [to find]. I picked up a few but there
were an awful lot more.”

He said other documents bore signatures of individuals and were in
relation to whether people needed social care.

He added: “The county council should have completely cleared that site.”

Cllr Zukowskyj feared discarded letters and papers could prove to be a
goldmine for potential fraudsters.

“HCC claim that our information is safe, but leaving compliments slips
and other logoed materials is highly dangerous, as in the wrong hands
they could be used by fraudsters or others to trick innocent people
into giving them information,” he said.

He added: “Leaving potentially sensitive documents to be read by the
new property owners or to blow across public roads simply isn’t on.”

Now the Information Commissioner’s Office (ICO) is set to probe the data breach.

An ICO spokesman said: “All organisations have a legal obligation to
keep personal information secure and when it’s no longer needed, to
dispose of it safely.”

And, asked if the ICO would be opening an investigation, he added:
“[It is] fair to say [we are] looking into [it], yes.

“An investigation may be opened if and when we see evidence that
there’s something to investigate.”

Derrick Ashley, cabinet member for resources, said: “In 2009 as part
of the move from the site, we made arrangements for the removal and
disposal of all our operational assets as part of standard site
closure procedures.

“We apologise that in this instance it would appear that not all of
this work was successfully carried out.

“We are investigating how this happened to ensure that it does not
happen again.”
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss-discuss

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges.