By Debbie le Quesne

Data protection: Does a £100,000 fine sharpen our view?

Data protection is big business, and maintaining compliance is critical to avoid some very heavy fines.

Sensitive material included in DBS checks means that we are always diligent and the office is kept secure. It may appear at times antisocial, but we don’t make the rules for this particular service we offer.

I must admit, however, I was surprised to see how steep fines can get, having read a piece in the Guardian about a county council being fined £100,000 after files containing highly sensitive personal details of more than 100 people were discovered in a disused building.

These social care files were found along with 45 bags of confidential waste at Town End House in Havant, Hampshire, by the new owners of the building after it was bought in August 2014.

The article stated the forgotten documents were found to contain “highly sensitive” information about adults and children in vulnerable circumstances, according to the Information Commissioner’s Office (ICO).

Officials at the ICO, which levied the fine on Hampshire county council, said there could have been “distressing consequences” if the data had ended up in the wrong hands.

The case appears complex and Hampshire county council is full of apologies. But the bottom line is that the council failed to look after the information for which it was responsible.

It serves as a timely reminder for all social care operators to be diligent over client files.

A single look at the local social care contracts and it is blatantly apparent the local authorities are twitchy about the Data Protection Act.

Data Protection is mentioned about 20 times and care just once or twice... it says it all.

The Information Commissioner’s Office is an independent official body whose role is to oversee all information legislation, including promoting access to official information and protecting personal information. All public and private organisations are legally obliged to protect any personal information they hold. Public bodies are also obliged to provide public access to official information.

Information legislation protects the human rights of people using services by ensuring information about individuals is:

  • Held only with consent
  • Held securely
  • Shared only on a ‘need to know’ basis
  • Accessible to them.

Confidentiality of information is a key part of maintaining dignity for those using health and social care services. The Data Protection Act (DPA) 1998 requires public bodies and their data controllers to comply with a range of data protection principles. There are some limits on confidentiality and these apply where there is a risk of harm to other people.

How should data protection affect the way we work?

It is even more important these days that documents, including emails, which contain personal data are:

  • Kept in an orderly fashion
  • Filed on registered electronic devices or in paper files as soon as practicable if they are to be retained
  • Erased or destroyed when they are no longer required
  • You should not keep random collections of odd papers or old emails. If they need to be retained, they should be properly filed, as mentioned above
  • You should observe a clear desk policy
  • You should satisfy yourself that, if required, you could retrieve personal data for which you are responsible, to answer an enquiry from a data subject

All very legal, I know, but being sorry after the event doesn’t recover fines incurred.