The Information Commissioner's Office has slapped York council for breaching the Data Protection Act, after sensitive information was wrongly collected from a shared printer and then redistributed. The papers contained personal data that was sent to the wrong person, the ICO said today. A York council worker failed to spot that …
A Quicker way
"York council is expected to have its new procedures in place by August this year, .."
This can be dealt with in less than an hour. Gather all the staff together, tell them, "If you take away or send out the wrong documents, then you're fired; so bloody well check them before you do anything with them."
A quicker way ? In an aministration ?
Come now, they're not supposed to be quick, people would get used to that.
Besides, nobody took any documents away - they just left them on a photocopier, and someone else didn't check that it was his stuff, nor even whose stuff it was, and just copied it and sent it off.
That part bugs me a bit. To who were the copies sent ? To all newspapers, as per Standing Copy Order #17b§5 ? Or just internally ?
Decent laser with print and hold functionality looks needed.
re: Decent laser
Actually no. When our current lot of printers arrived from the supplier I found on the hard drive, unencrypted and undeleted, a selection of highly confidential psychiatric reports on a former employee of a nearby city council including depositions from a half dozen interested parties.
Anonymous, for well...
it's that word again!
The ICO found that York council had "robust policies and procedures in place covering the handling of personal data" but said the printer gaffe "highlighted a lack of quality control".
Erm.... then their policies don't *really* qualify for the description "robust" then, do they?
No, no, that's not it
They HAVE robust procedures, they just don't USE them.
Robust? yet new ones coming?
This is typical of approach taken in this kind of situation.
Robust procedures work, and therefore do not need to be replaced .. so which is it? were they robust or do they need to be replaced.
Why don't the council just take the line "lessons learned" and be done with it.
While there is no real consequence for data loss then all the robust procedures in the world are of no use.
Price of a Printer
The're probably on shared printers to "save money".
If you have people handling sensitive data, they should have a printer in a secure area
Another case of bean counters over ruling comon sense
Or, you get decent shared printers with secure printing
You don't get you queued job until you stick your PIN in.
Works pretty well
Print and Hold
Password protected print and hold is the answer. With automatic delete if the print isn't collected within a certain time.
But not like an organisation I could mention where the employer decided user's print passwords should be set to their employee numbers and not changed. The reason given being it would be an IT support headache having to deal with all the users who forget their print password if they were changed regularly! How hard is it to find out a colleague's employee number exactly.
"York" isn't actually a logistical governement unit, "North Yorkshire County Council" has to give way to "City Of York Council" in matters that pertain to York itself, what with it being a Unitary Authority and all that.
Everyone here loves those smiley little buggers down at Saint Leonard's Place. They really do brighten up our lives with their fair minded decisions and enlightened policies. Ahem.
Reading through the pile of uncollected prints piled by the printer is the only reliable way of finding out what's going on in our organisation. Please don't ruin that by introducing yet more 'policies and procedures'.
Human error surely, could have happened anywhere? Should councils be expected to tag sensitive docs with metadata to stop them being printed? York's 'Office of the Future' is an example of it being done right...
Wrap the knuckles of the little ones while the big bullies go unchallenged
Well whoopey a lowly paid pen licker gets knuckles wrapped by Sir Christopher Graham. Bloggers following the ICO feel there is a clear trade off between quality and quantity with the rulings the Information Commissioner's office has come out with, and while the number of Decision Notices issued has clearly increased the quality of the Information Commissioner's office decisions has been on the decline with volume replacing substance.
For example if you think the Information Commissioner will come to your aid in having DNA records and records of arrest removed that the police should not keep after a court rules you have no case to answer, do not hold your breath. He will come out all in sympathy and then quote all the obsure laws and exemptions to you mentioned before. Another case solved by Chris and his toothless tiger team.
Christopher Graham became Information Commissioner in June 2009. He reports directly to parliament. He should be the first to point out to the government, hey with a million innocents on a crime data base, we have some important data protection principles being trampled upon by the police forces in England. Instead he tries to see it this way, then that way, anything but a principled defense of our civil liberties.
It's much safer to slap a few fines on underfunded councils.
- Nokia: Read our Maps, Samsung – we're HERE for the Gear
- Kaspersky backpedals on 'done nothing wrong, nothing to fear' blather
- Episode 9 BOFH: The current value of our IT ASSets? Minus eleventy-seven...
- Too slow with that iPhone refresh, Apple: Android is GOBBLING up US mobile market
- Analysis Uber, Lyft and cutting corners: The true face of the Sharing Economy