A Cautionary Tale For Scottish Data Controllers

The Scottish Court Service (“SCS”) has been rebuked by the UK Information Commissioner’s Office (“ICO”) following a breach of the UK Data Protection Act.

The way in which the ICO learned of the breach is quite interesting, and is a cautionary tale for any organisation which controls data.

Last September Scottish tabloid The Daily Record published details of the discovery of court appeal files at a recycling area close to a special school in Clarkston, Glasgow. The files included details of a rape victim, and details of boys aged between 7 and 12 at the centre of abuse allegations.

The newspaper report came to the attention of the ICO, and a subsequent investigation by the ICO found that the papers had been “lost” (or, perhaps more accurately, “left for recycling at a public recycling area”?) by the editor of a series of law reports, and that the SCS, as data controller, had failed to meet its’ duties under the Data Protection Act to check how this individual intended to keep the shared information secure.

The SCS has signed a formal undertaking obliging it to ensure that personal data is processed in accordance with the Seventh Data Protection Principle (relating to the security of the processing as a whole and the measures taken by the data controller to provide security), and in particular to ensure that:

1. all staff are aware of SCS’s policy for the storage, use and disclosure or sharing of personal data (and are appropriately trained how to follow that policy);

2. adequate checks are carried out on contractors’ staff, and all parties to data-sharing will enter into a Memorandum of Understanding with SCS; and

3. compliance with SCS’s policy on data protection and with any such Memorandum of Understanding is appropriately and regularly monitored.

These strike me as sensible procedures which any organisation that controls data would be wise to follow.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Twitter: @BrodiesTechBlog feed

January 2011
« Dec   Feb »

%d bloggers like this: