TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

The Privacy Advisor | UK—Government Department Fined 185,000 GBPs After Terrorist Incident Data Sold at Auction Related reading: UK—ICO calls for compulsory audit power to be extended

rss_feed

""

A government department has been fined after a filing cabinet containing personal information relating to victims of a terrorist incident was sold at auction.

The files in the cabinet contained information about the injuries suffered, family details and amount of compensation offered, as well as confidential ministerial advice. An investigation by the UK Information Commissioner’s Office (ICO) resulted in a civil monetary penalty of 185,000 GBPs being issued to Department of Justice Northern Ireland (DOJ NI) for what was described as a very serious data breach.

The incident occurred when the Compensation Agency Northern Ireland, which falls under the DoJ NI’s remit, moved offices in February 2012.

Staff did not realise the locked cabinet contained sensitive information, and it was earmarked for auction alongside other unwanted furniture. It was sold without a key to a member of the public in May 2012. When the buyer forced the lock, he found papers dating from the 1970s to 2005. The buyer immediately contacted the Police Service Northern Ireland, who returned the papers to the Compensation Agency.

While there was an expectation within the agency that personal data would be handled securely, the ICO investigation found limited instructions to staff on what this meant in practice, despite the highly sensitive information that was being held.

The monetary penalty notice is available here.

Comments

If you want to comment on this post, you need to login.