A county council has been fined £60,000 after leaving sensitive information about children in a cabinet sent to a second hand shop.
Norfolk County Council received the fine from the Information Commissioner’s Office (ICO) after a member of the public brought the cabinet, which contained information on seven children.
Steve Eckersley, ICO head of enforcement, said: ‘Councils have a duty to look after any personal information they hold, all the more so when highly sensitive information is concerned – in particular about adults and children in vulnerable circumstances.
‘For no good reason Norfolk County Council appears to have overlooked the need to ensure it had robust measures in place to protect this information. It should have had a written procedure in place which made it clear that any storage items removed from the office which may have contained personal were thoroughly checked before disposal.’
The ICO warned councils should have the appropriate staff and procedures in place to ensure personal information is properly looked after.
Simon George, the council's executive director for finance and commercial services, said: 'We want to reassure residents that we have robust data protection procedures and have tightened practice in the light of the case published today. As a council we take data protection very seriously and we are very sorry that our practice fell short on this occasion. We accept the ruling and the fine.
'There is no evidence that this information has been misused in any way and we are grateful to the member of public that quickly brought this to our attention. We voluntarily reported ourselves to the Information Commissioner and we undertook a careful review to ensure that we could learn from what happened.
'In the three years since this occurred, we have taken strong and effective action to ensure it is not repeated. This has included introducing robust procedures for office moves and training to ensure that our staff are aware of these procedures. Staff also receive mandatory rolling training to ensure they understand their overall data protection responsibilities. A recent voluntary ICO audit gave use the second highest rating for records management and training and awareness.'
