Norwood fined £70k for 'staggering' data protection breach
Highly sensitive information about the care of four young children disappeared after being left by a Norwood Ravenswood social worker outside a London home.
The charity was this week fined £70,000 by the Information Commissioner’s Office for breaching the Data Protection Act.
ICO head of enforcement Stephen Eckersley noted that “the children involved in this case were no more than six-years-old. Now they are in a situation where their most sensitive details could be in the hands of a complete stranger. The fact that the social worker had received no training while working at the charity on how to look after what is extremely sensitive information is truly staggering. This breach was entirely avoidable.”
The social worker had attempted to deliver detailed reports to the property of the children’s prospective adoptive parents last December. The occupants were not at home. When they returned, the reports — “including details of any neglect and abuse suffered by the children, along with information about their birth families” — were gone and the material has never been recovered.
Norwood is considering an appeal against the level of the fine.
A spokesman pointed out that “this money represents hard-earned cash raised for the charity by people who have gone on bike rides and run marathons and it pays for things like counselling and speech and language therapy”.
It had been “an isolated breach” of the Act, which Norwood had itself reported to the ICO. “Norwood took immediate steps to tighten its procedures in line with the Act to ensure incidents of this kind will not be repeated.”