ICO warns councils over security of social services data after Somerset breach

The Information Commissioner’s Office has warned local authorities to make sure they have adequate measures in place to keep information held by social services departments secure.

The call came after the watchdog criticised Somerset County Council for the way it handled a breach of the Data Protection Act that saw a social service assessment of a local teenager sent to the wrong family.

Somerset County Council reported the breach to the ICO in February this year. The assessment contained sensitive personal information about the teenager’s behavioural history and medical background.

The mistake was made by an employee in the social services department who was handling two similar cases at the same time, an ICO investigation found.

The watchdog said there were failings about how the incident was handled, with the recipient first being told by another Somerset CC employee to throw the assessment away. They were then advised to wait for it to be collected by the council.

Somerset’s chief executive, Sheila Wheeler, has signed an undertaking to make staff aware of the authority’s policies and procedures and to provide them with appropriate training.

The council is also to introduce quality control checks that will be made before documents containing personal data are released.

The ICO’s acting Head of Enforcement, Sally-Anne Poole, said: “The information collected by social services departments is often extremely sensitive. Local authorities should make sure they have adequate measures in place to keep this information secure, especially where there is the potential for human error.

“Even though the information was returned to the council the damage had already been done and will have caused considerable embarrassment to those affected.”