Do you consent to receiving Google Analytics cookies? We use these to aid in improving and maintaining our website. This site also requires other cookies to function correctly. More information.This site requires Javascript to function correctly

Cookies and your privacy

In accordance with the ICO's EU e-Privacy Directive and to help protect your privacy we are making you aware of the use of cookies on this site.

The only cookies used to track your behaviour on this site are those used in Google Analytics. Google Inc are members of the US Safe Harbor Scheme. This scheme allows the transfer of data from within the EEA to countries that are outside of the EEA without having to enter into a specific data transfer agreement. Companies that sign up to the scheme are deemed to provide adequate protection for personal data transmitted from Europe. Google Inc's registration is at http://safeharbor.export.gov/companyinfo.aspx?id=10543.

For more information on the cookies set by Google Analytics please go to: http://code.google.com/apis/analytics/docs/concepts/gaConceptsCookies.html.

This site also makes use of other essential Anonymous cookies, and the site won't work as expected without them. If you don't accept these anonymous cookies some features of the site may be unavailable.

Please note disabling Goolge analytics will prevent us from gaining accurate insights into the use of this site and hinder future improvements.

UKAuthority.com's full privacy statement.

UKAuthority.com

Trusted. Independent. Public sector technology news.

Tuesday 11 September 2012Author: Helen Olsen

Scottish Borders fined £250,000 for employee records in recycle bin

The ICO has handed out a £250k fine to Scottish Borders Council after former employees’ pension records were found in an over-filled paper recycle bank in a supermarket car park.

An outside company had been hired by the council to digitise the records, but appropriate guarantees on how the personal data would be kept secure had not been sought, prompting the Information Commissioner to use his powers under the Data Protection Act to impose a Civil Monetary Penalty.

It is believed more than 600 files were deposited at the recycle bins, containing confidential information and, in a significant number of cases, salary and bank account details. The files were spotted by a member of the public who called police, prompting the recovery of 676 files. A further 172 files deposited on the same day but at a different paper recycling bank are thought to have been destroyed in the recycling process.

Ken Macdonald, ICO assistant commissioner for Scotland, said, "This is a classic case of an organisation taking its eye off the ball when it came to outsourcing. When the council decided to contract out the digitising of these records, they handed large volumes of confidential information to an outside company without performing sufficient checks on how securely the information would be kept, and without even putting a contract in place.

"It is only good fortune that these records were found by someone sensible enough to call the police. It is easy to imagine other circumstances where this information could have exposed people to identity fraud and possible financial loss through no fault of their own.

"If one positive can come out of this, it is that other organisations realise the importance of properly managing third parties who process personal data. The Data Protection Act is very clear where the responsibility for the security of that information remains, and what penalties await those who do not comply with the law."

For more ICO information on the Data Protection Act and outsourcing data processing see http://www.ico.gov.uk/for_organisations/guidance_index/~/media/documents/library/Data_Protection/Detailed_specialist_guides/outsourcing_guide_for_smes.ashx

       
UKA Live Pre Registration
UKA Live: view recorded interviews
Informed Communications Ltd. 2013 ©  |  Terms Of Use  |  Privacy Statement