ICO raps Wolverhampton CC after personal information dumped in skip

An organisation’s responsibility to keep information secure does not end when it is taken out of the building, the Information Commissioner’s Office has warned after finding Wolverhampton City Council in breach of the Data Protection Act by allowing confidential personal information to be disposed of in a skip.

The breach first came to the regulator’s attention in October 2010, when a local newspaper reported that council documents had been fly-tipped after being dumped in a skip at a community leisure centre. The skip had been stolen and the documents discarded.

The information included names, dates of birth, bank details, employment records and medical information.

An ICO investigation revealed that while the local authority had a written contract in place with a waste management company for the secure disposal of personal data, council employees “had failed to recognise the confidential nature of the information when they disposed of it”.

Wolverhampton’s chief executive has signed an undertaking to ensure awareness among staff of the authority’s policies on data protection and confidential waste management. The council has also agreed to provide appropriate training as well as ensure compliance is appropriately and regularly monitored.

Simon Entwisle, the ICO’s Director of Operations, said: “This breach demonstrates how important it is that staff who handle personal data have a good understanding of the need to keep it safe at all times – especially when it is being disposed of. An organisation’s responsibility to keep information secure does not end when it is taken out of the building.

“The thought of people’s personal details being dumped on the street is worrying enough, not to mention what could have happened if it had fallen into the wrong hands.”