ICO slams Scottish Children’s Reporter Administration for data breaches

The Information Commissioner's Office has criticised the Scottish Children's Reporter Administration for twice leaking sensitive personal information about young children in breach of the Data Protection Act.

The Information Commissioner's Office has slammed the Scottish Children's Reporter Administration for twice mishandling sensitive personal information.

The Information Commissioner's Office (ICO) found the Scottish Children's Reporter Administration (SCRA) in breach of the Data Protection Act for both incidents.

In September 2010, nine case files containing names, dates of birth, social reports and referral decisions of children was sold to a second-hand furniture shop.

Just four months later, legal papers containing sensitive information about a child's court hearing were sent to the wrong e-mail address.

Both breaches resulted from the SCRA's failure to ensure its data protection and IT security guidance were followed by staff, the ICO said.

On both occasions the personal data which was compromised related to young children. The data breaches were caused by human error by SCRA staff that could easily have been avoided, said Ken Macdonald, ICO assistant commissioner for Scotland.

But in both cases the information was not circulated widely and the SCRA has since taken action to ensure the personal information it handles is kept secure, said Ken Macdonald.

"I would urge other organisations, particularly those handling sensitive information relating to young people, to follow suit," Macdonald said.

The ICO is working with the SCRA to raise its staff's awareness of its data protection obligations.

Neil Hunter, chief executive of the SCRA has signed an undertaking to ensure staff are made aware of the organisation's policies around the storage and use of personal data, and that sufficient checks are put in place to ensure the policy is followed in accordance with the Data Protection Act.

Read more on IT risk management