14 DAY TRIAL // An iMac computer and some papers containing sensitive information were left behind by the London Borough of Southwark for two years after they moved to a different location.
The Information Commissioner's Office was alerted on June 3 2001, after the building's new tenant disposed of all the waste that was left behind.
The computer and the documents contained names, addresses, ethnic background, medical history and criminal convictions of 7,200 individuals.
The disturbing thing is that the council did have policies set in place for handling sensitive information, but they failed to follow them when they had to move at the end of 2009.
It turns out that no one knows how the papers were left behind, but the iMac that stored all the data didn't have any encryption software installed and was unaccounted for since 2003.
“The fact that thousands of residents’ personal details went missing for over two years clearly shows that Southwark Council’s policies for handling personal information are below standard,” said Sally Anne Poole, acting head of enforcement.
“As this information was lost before the ICO received the power to issue financial penalties we are unable to consider taking more formal action in this case. Southwark Council has committed to putting changes in place and we look forward to completing an audit next year to help them to identify further improvements.”
Even though they were not left outside and unprotected like in other situations, the items should have been properly transported and secured.
Hopefully, the institution learned something from this incident as they now vow to ensure that from now on personal data will be processed in accordance to the Data Protection Act.
Recent reports show that many companies fail to setup any kind of policies regarding the handling of sensitive data. This makes us wonder how those companies handle information if the ones that do enforce such regulations fail to abide by them.