14 DAY TRIAL // The UK’s Information Commissioner’s Office (ICO) has fined the Aberdeen City Council £100,000 ($155,000 / €116,000) for exposing the personal information of several individuals.
The information in question was related to social services and it included details of vulnerable children and their families.
The files were uploaded on a website between November 8 and 14, 2011. They remained online until February 15, 2012, when one of the council’s employees searched the web for their own name and job title.
The information ended up online when a staff member accessed the documents from her home computer. A file transfer application installed on the device automatically uploaded the files to a website.
The ICO has determined that the Aberdeen City Council hasn’t implemented a home working policy. In addition, no measures have been put in place to restrict employees from downloading sensitive information from the organization’s systems.
“As more people take the opportunity to work from home, organisations must have adequate measures in place to make sure the personal information being accessed by home workers continues to be kept secure,” commented Ken Macdonald, Assistant Commissioner for Scotland at the ICO.
“In this case Aberdeen City Council failed to monitor how personal information was being used and had no guidance to help home workers look after the information. On a wider level, the council also had no checks in place to see whether the council’s existing data protection guidance was being followed,” Macdonald added.
“The result was a serious data breach that left the sensitive information of a vulnerable young child freely available online for three months. We would urge all social work departments to sit up and take notice of this case by taking the time to check their home working setup is up to scratch.”