Council breaches child protection laws
Telford and Wrekin Council is the latest council to be fined for breaching data laws - being fined £90,000 by the Information Commissioner's Office (ICO) following disclosure of vulnerable children's data.
The fine was issued following two similar data breaches, which occurred within two months of each other. The first occurred in March last year, when a member of staff working in Safeguarding Services sent the Social Care Core Assessment of one child to the child's sibling instead of their mother, who lived at the same address.
The second breach concerned the inclusion of the names and addresses of the foster care placements of two young children in their Placement Information Record (PIR).
The ICO's deputy commissioner and director of data protection, David Smith, said, "The decision by the ICO to issue a penalty in this case reflects its seriousness - these were two very similar data breaches which occurred within a short space of time, and both involved highly confidential and sensitive personal data.
"Most importantly, some of the people affected were vulnerable children, two of whom had to be moved to a new foster home as a result of the second data breach. It is the responsibility of all organisations - especially where children or other vulnerable people are involved - to keep sensitive personal data secure."
An investigation carried out by the council following the first breach found that the relationship records set up on the children's information system, PROTOCOL, for the children involved in the first incident, were not populated with adequate information. The PROTOCOL system was set up so that the details of individuals were printed automatically on the assessment, although a user could tick a box to ensure that the details weren't printed. There was also no process in place to check the documents before they were posted out.
Its subsequent investigation, following the second breach, found that the default setting on the PROTOCOL system was to include the foster carer's details in the PIR, and there was no process in place to check the PIR after it was printed.
The council has now committed to taking action including providing Safeguarding Services staff with further training and support on data protection and information security as well as on using the PROTOCOL system. They are also introducing formal guidance on checking documents printed off the PROTOCOL system, and making changes to its configuration.