The Information Commissioner’s Office (ICO) is investigating Newcastle City Council after a data breach exposed the personal information of adopted children.
The north-eastern council has recently come under fire for the breach that saw the personal information of 2,743 adopted children – information which included sensitive data about the children, and included data on parents, social workers and former adoptees – sent out in an email by mistake.
On 15th June 2017, the spreadsheet was erroneously attached to the city’s adoption summer party email, and it’s estimated that it was sent to around 77 people. The actual number of people who viewed the spreadsheet remains unknown.
The city council admitted the mistake and explained the cause was human error and a failure to follow established procedures. They’ve also provided reassurances that they’ve taken steps to mitigate the breach by asking recipients to delete the email, and assured that a breach of this nature won’t happen again.
Impact on the individuals
Those who were affected by the breach have been contacted and a helpline (0191 211 5562) has been set up for those who are affected.
The breach may have caused a considerable amount of distress on the individuals involved. The only thing the city council can do is to ensure they impose rigorous staff training. The employee who sent out the email has been dismissed from office.
Newcastle City Council’s director of people, Ewen Weir, expressed his apologies:
“I am truly sorry for the distress caused to all those affected… The council takes data protection and confidentiality very seriously and has acted swiftly to understand what happened and who has been affected.”
The ICO has been notified of the data breach and confirmed they’re investigating the incident:
“…on 15 June 2017, an employee in the council’s adoption team accidentally attached an internal spreadsheet to emails inviting adoptive parents to the council’s annual adoption summer party.”
If the ICO finds there to be a failure on part of the city council, they have the power to impose a fine of up to £500,000. In June, the ICO fined Basildon Council £150,000 for a data breach for publishing the information of a family online.
In an ICO report, they note that fostering and adoption agencies process highly sensitive information on paper format, and digitally, which includes the personal information of foster carers, adoptive families and children. It also notes that local authorities send profiles of children requiring foster placements, and children awaiting adoption.
These profiles include medical histories, birth parent information, previous placement information, ethnicity, educational achievements, behavioural issue, etc… Due to the sensitive nature of this data, local authorities like Newcastle City Council have a higher duty of care to protect such sensitive and personal data.
Why this incident is very serious
Children who are fostered/adopted could be in danger where they’ve been taken away from their parents for safety concerns. As such, their personal data warrants enhanced protection.
Local authorities deal with and manage a wealth of information on vulnerable children. Which is why this data needs to be heavily protected.
IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.
Request a call back from our team
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.