Feeds

back to article ICO wags finger at York council after data breach

The Information Commissioner's Office has slapped York council for breaching the Data Protection Act, after sensitive information was wrongly collected from a shared printer and then redistributed. The papers contained personal data that was sent to the wrong person, the ICO said today. A York council worker failed to spot that …

COMMENTS

This topic is closed for new posts.
Silver badge

A Quicker way

"York council is expected to have its new procedures in place by August this year, .."

This can be dealt with in less than an hour. Gather all the staff together, tell them, "If you take away or send out the wrong documents, then you're fired; so bloody well check them before you do anything with them."

4
1
Silver badge

A quicker way ? In an aministration ?

Come now, they're not supposed to be quick, people would get used to that.

Besides, nobody took any documents away - they just left them on a photocopier, and someone else didn't check that it was his stuff, nor even whose stuff it was, and just copied it and sent it off.

That part bugs me a bit. To who were the copies sent ? To all newspapers, as per Standing Copy Order #17b§5 ? Or just internally ?

0
0
Silver badge

Printer options

Decent laser with print and hold functionality looks needed.

0
0
FAIL

re: Decent laser

Actually no. When our current lot of printers arrived from the supplier I found on the hard drive, unencrypted and undeleted, a selection of highly confidential psychiatric reports on a former employee of a nearby city council including depositions from a half dozen interested parties.

Anonymous, for well...

0
0

it's that word again!

--------------------------------------------------------------

The ICO found that York council had "robust policies and procedures in place covering the handling of personal data" but said the printer gaffe "highlighted a lack of quality control".

--------------------------------------------------------------

Erm.... then their policies don't *really* qualify for the description "robust" then, do they?

4
0
Silver badge

No, no, that's not it

They HAVE robust procedures, they just don't USE them.

1
0

Robust? yet new ones coming?

This is typical of approach taken in this kind of situation.

Robust procedures work, and therefore do not need to be replaced .. so which is it? were they robust or do they need to be replaced.

Why don't the council just take the line "lessons learned" and be done with it.

While there is no real consequence for data loss then all the robust procedures in the world are of no use.

0
0
FAIL

Price of a Printer

The're probably on shared printers to "save money".

If you have people handling sensitive data, they should have a printer in a secure area

Another case of bean counters over ruling comon sense

1
0

Or, you get decent shared printers with secure printing

You don't get you queued job until you stick your PIN in.

Works pretty well

1
0
Anonymous Coward

Print and Hold

Password protected print and hold is the answer. With automatic delete if the print isn't collected within a certain time.

But not like an organisation I could mention where the employer decided user's print passwords should be set to their employee numbers and not changed. The reason given being it would be an IT support headache having to deal with all the users who forget their print password if they were changed regularly! How hard is it to find out a colleague's employee number exactly.

0
0
Headmaster

Slight correction

"York" isn't actually a logistical governement unit, "North Yorkshire County Council" has to give way to "City Of York Council" in matters that pertain to York itself, what with it being a Unitary Authority and all that.

Everyone here loves those smiley little buggers down at Saint Leonard's Place. They really do brighten up our lives with their fair minded decisions and enlightened policies. Ahem.

0
0
Big Brother

Internal Communication

Reading through the pile of uncollected prints piled by the printer is the only reliable way of finding out what's going on in our organisation. Please don't ruin that by introducing yet more 'policies and procedures'.

0
0

IT?

Human error surely, could have happened anywhere? Should councils be expected to tag sensitive docs with metadata to stop them being printed? York's 'Office of the Future' is an example of it being done right...

0
0
Thumb Down

Wrap the knuckles of the little ones while the big bullies go unchallenged

Well whoopey a lowly paid pen licker gets knuckles wrapped by Sir Christopher Graham. Bloggers following the ICO feel there is a clear trade off between quality and quantity with the rulings the Information Commissioner's office has come out with, and while the number of Decision Notices issued has clearly increased the quality of the Information Commissioner's office decisions has been on the decline with volume replacing substance.

For example if you think the Information Commissioner will come to your aid in having DNA records and records of arrest removed that the police should not keep after a court rules you have no case to answer, do not hold your breath. He will come out all in sympathy and then quote all the obsure laws and exemptions to you mentioned before. Another case solved by Chris and his toothless tiger team.

Christopher Graham became Information Commissioner in June 2009. He reports directly to parliament. He should be the first to point out to the government, hey with a million innocents on a crime data base, we have some important data protection principles being trampled upon by the police forces in England. Instead he tries to see it this way, then that way, anything but a principled defense of our civil liberties.

It's much safer to slap a few fines on underfunded councils.

1
0
This topic is closed for new posts.