A local authority has been fined £100,000 after an employee accidentally posted sensitive information on several vulnerable children and their families onto the internet.
The Aberdeen City Council employee accessed social services reports, meeting minutes and other documents from her home computer, and a file transfer program automatically uploaded the documents to a website on 8-14 November 2011.
The information, which included details of alleged criminal offences, stayed online until 15 February 2012. The council then reported the incident to the Information Commissioner’s Office (ICO). An investigation found the council did not have a relevant home working policy in place or sufficient measures in place to restrict the downloading of sensitive information from the Council’s network.
Ken Macdonald, Assistant Commissioner for Scotland at the ICO, said: “In this case Aberdeen City Council failed to monitor how personal information was being used and had no guidance to help home workers look after the information.
“On a wider level, the council also had no checks in place to see whether the council’s existing data protection guidance was being followed. The result was a serious data breach that left the sensitive information of a vulnerable young child freely available online for three months.
“We would urge all social work departments to sit up and take notice of this case by taking the time to check their home working setup is up to scratch.”
