Feeds

back to article Child abuse files stolen from council worker in PUB - £100k fine

The UK's data protection watchdog has fined two English council bodies a total of £180,000 after finding they had failed to keep "highly sensitive information" about children secure. Croydon Council was fined £100,000 after a bag containing papers about a child sex abuse court case was stolen from a social worker in a pub in …

COMMENTS

This topic is closed for new posts.

Page:

Silver badge
FAIL

Once again..

A councul are "fined".

In other words, the councul tax payers have been "fined"...

Makes my piss boil....

16
0
Silver badge
Big Brother

@cornz 1

Totally right - let's have a bit of fining the cretin who screwed up.

No - let's have a LOT of it.

It just might encourager les autres, to coin a phrase...

3
0
WTF?

Re: Once again..

Grubberment department sanctions other grubberment department by moving taxpayers money about. Still be fair, if they didn't do something to use the "fines for loosing stuff" budget it would be cut back the following year.

Lets see, last place I worked.

Sharing your password - Immediate sacking.

Leaving sensitive information unsecured on your desk - Immediate sacking.

Copying data to either an un-encrypted laptop or USB device - Immediate sacking.

Failing to lock your workstation when away from workstation - possible disciplinary action.

Causing the company to be fined 100K - FFS, Immediate sacking, wife sold as a sex slave, children sold to vivisectionist, and emigrate if you ever want to work again.

Meanwhile council wan^H^Horker who loses information about vulnerable children in pub - annual increment.

They need a lesson in reality, don’t they.

4
1
Headmaster

Re: Re: Once again..

If someone proposed a "fines for loosing stuff" budget I would expect them to be summarily dismissed for being grossly incompetent in a required language skill.

1
1
Silver badge
Coat

Re: Re: Re: Once again..

Like the hound of the baskervilles, was the data loosed upon the earth! And it roamed to and fro, never to return to its rightful owner.

2
0

Re: Re: Once again..

....Did you work in the UK, Field Marshal? If so, was it within the last 20 years?

Under UK employment law, you can't be "immediately sacked" for any of the things you mentioned (possibly with the exception of losing the company 100k) as none of them are definable as gross misconduct. Disciplinary action may be invoked in some of those examples, but there are various procedures that must be followed during such action before dismissal can be considered, and then only as a final recourse, just about anything else can be considered as either unfair or constructive dismissal and that gives you a legal case to put before an employment tribunal.

Unless, of course, they had been included as specific clauses in your employment contract and you had voluntarily agreed to them.

Oh, and if you work in a "secure government role", in which case you can certainly be dismissed if you cause a serious breach of security through direct action (but not INaction).

0
0
Silver badge
WTF?

Working from Home?

WTF was this information doing floating around outside the office anyway ... lost in the pub?

Where's the stocks when you need them ...

5
0
Anonymous Coward

Clearly you never have worked in Social work...

"WTF was this information doing floating around outside the office anyway"

Well lets see, they could of travelled 200 miles to a meeting or a client which required mountains of paperwork and then god forbid, after a 12 hour day, this personal ,may , just may, wanted something other than a limp sandwich to eat.

If that sound far fectched, trust me it's not, I'm married to a social worker and know about 20 others, and 400 mile round trips are not uncommon.

But I guess your solution would be to get up at 5 am, pick up the documents from the office, drive 200 miles, do the meeting, and then drive back, without any stops (including petrol) and then deposit it straight away back in the office.

Before you say use VC, well good luck getting doctors, police, social workers, health visitors and not forgetting the "clients" all hooked up and working.

But hey you sit on your ass and type away all day while the rest of us live in the real world.

10
25
Anonymous Coward

or they could

ship them by their secure courier to the CP unit local to the conference so the chairperson (locally supplied, trust me on that) would keep them in the office safe, return them after via the secure courier.

NO, rather a tesco bag and pub lunch on expenses.

5
3

Just saying

"But hey you sit on your ass and type away all day while the rest of us live in the real world."

In the "Real World" ®, many people that lost that sort of sensitive / personal data would be instantly sacked without compensation.

".. your solution would be to get up at 5 am, pick up the documents from the office, drive 200 miles, do the meeting, and then drive back ..."

Mny people do actually do just that. For 6 months, I drove to places in London (av. 260 miles) and back 5 days a week, leaving home at 5 am and getting home 9 - 10 pm after a full days work.

For 10 years, I was a school governor. In that time, I had to sit on a large number of committees at which social services were required to attend. In that time, about 40% of meetings were wasted because the social worker never turned up, or when they did so, they had the wrong information.

I would also highlight that they were always paid even when they didn't turn up; my colleagues and I didn't even claim expenses. Whilst I do have some sympathy for the work that they do, my view of most social workers is not a positive one. And I would suggest that many others feel the same way from similar experiences.

11
2
Anonymous Coward

You can make up as many excuses as you like, but allowing personally sensitive data out of your sight in a public location such as this is a massive herp derp. It's not a one-off, it's a sadly repeated state of affairs across all sectors and it seems no one is learning from these errors because they do not punish the culprits - just our tax.

This information should never have been taken into the pub - lock it in the car after your 400 miles round trip. If we backed up our commercially sensitive data on a public facing blog instead of a secure storage server, we'd be rightly crucified. Leaving written data unattended in a pub is the same thing.

11
2
Childcatcher

No, but I do carry sensitive data...

I have personal data on my laptop relating to the students I support and I regularly make trips of that kind of distance.

My bag gets placed on the seat next to me, preferably between me and the wall. When that isn't possible, it gets placed between my legs - often with my foot hooked through one of the straps. No-one can get to my bag without seriously invading my personal space in a very noticeable way.

There is simply no excuse for having your bag stolen in a pub.

12
1
Anonymous Coward

I hope the social workers who "lost" the documents in the pub had his bank accounts checked for unexplained wodges of cash being deposited.

I mean, if you carry records like that, you don't let them out of sight, even in a pub, you keep hold of the damn bag at all times. If you ask me, its very suspicious.

0
4
Silver badge

@ac 1224

Never attribute to conspiracy what can be put down to stupidity.

2
0
Unhappy

Re: or they could

What is suggested is a sensible idea. (in lieu of proper secure electronic linkage)

It will not happen

The council officer that suggests using a courier service on a regular basis to move the confidential data, will be volunteered for redundancy at the next round of job cuts, for "wasting money".

Councilors (the elected), are only interested in spending money on vote winning stuff, not data security, which they don't understand anyway.

This goes with the number Data Protection officer posts that have been cut in local authorities, with the role dumped on some other officer as his 3rd or 4th duty responsibility, on top of running whatever department or directorate in the council.

Most data heavy organisations with £300m+ turnover, 5000+ staff, and 400+ business functions, would normally have a full time security manager, however in the average local authority this is just tagged on to the back of somebody's JD.

So if anybody wants appropriate security at your council, go see your counilor, and tell him that unless he gets security sorted you are going to vote for somebody who will. This is the only way to improve the situation.

1
0

This post has been deleted by its author

Thumb Up

Re: Re: or they could

@ Despairing Citizen

Agree with everything you say. You speak the truth sir.

It's the same throughout the public sector. I work in IT for the NHS and it's exactly the same here. Thankfully the lower payscale workers (i.e. anyone who isn't senior management or a doctor) now recieves training on data protection issues.

However with inevitable predictability it's the senior managers and doctors, who can't be bothered to turn up because they''re far too important, who are the main culprits of data protection breaches.

I'd love to list off the examples I've seen with my own eyes but again with inevitable predictability the senior managers and doctors concerned walk away totally and utterly scott free while if I were to mention the breaches here and got found out I'd be out on my arse faster than you can say Data Protection Act.

NHS Reform? Yeah, sack half the managers. No one would ever notice. I promise.

1
0
Stop

Re: Just saying

"In the "Real World" ®, many people that lost that sort of sensitive / personal data would be instantly sacked without compensation."

Err.....no. They may face corrective or disciplinary action, but an INSTANT sacking would be a breach of UK employment law. Also, it is not in the employers power to decide whether they would be "compensation" or not; that will either be a clause in the employment contract or at the discretion of an employment tribunal or court.

"Mny people do actually do just that. For 6 months, I drove to places in London (av. 260 miles) and back 5 days a week, leaving home at 5 am and getting home 9 - 10 pm after a full days work."

If this amount of travel is a requirement of your employment then your employed may be in breach of the EU working directive laws (limiting your working hours to 48 per week, INCLUDING travel times) and possibly also in breach of the UK employment laws which state that an employee must be permitted 11 hours between shifts (defined as a "working period") before being required to return to work.

Folks, there are a lot of knee-jerk "Sack them/I'd be sacked" stuff being posted on this forum; I *strongly* suggest you find out about your employment rights, get a copy of your contract (if you don't have one, you're being illegally employed) and join a union!

Get educated before your employer tramples you in the name of profit or simple expediency.

0
0
Meh

Re: Re: Just saying

I reckon a lot of employers are in breach of a lot of laws regarding welfare of staff, but they can get us to work for them anyway because we and they know another mug is ready and waiting to earn a crust.

"A-ha! Just do what you're legally obliged to do because you can't be sacked."

Yes, great solution until you end up in an arms race where minor infringments become disciplinary matters instead of informal chit chats until, eventually, you find yourself out of a job having no reference. There's no end of rules and bullshit they can make up if they don't want you there. It's best in most cases just to shut up and take the shafting, or find another job. Not all of us are prepared or so financed that we might drag it through the courts where a 50/50 result awaits at the outcome.

0
0

Make the fines change the behaviour

As we all know, fines for government bodies simply get paid by the taxpayer / council tax payer.

We'd have a more accountable system if a proportion of the fine was a surcharge taken from councillor's attendance fees.

12
0
Unhappy

Not really

The councillors would just claim the fine on expenses. Until someone is sacked for an offence like this, attitudes will not change.

Being a data protection officer is not just being registered with the ICO, it is being responsible for protecting data. The managers above the DPO are equally responsible for ensuring that procedures are in place.

In private industry, heads roll when there are data breach screw-ups, it may take time, but someone (not always the right person) is made pay. Why is it that this never happens in the public sector?

5
1

Re: Not really

"In private industry, heads roll when there are data breach screw-ups"

Alas, that, too, is complete bollocks. People just hide behing employment law. If you try to sack someone for being utterly shit at their job and frequently disclosing confidential information they will just claim they were improperly trained and take you to tribunal. It is damn near impossible to sack someone for incompetance these days.

We have a HR manager that frequently miss-uses the Outlook Adress Auto-complete feature to send confidential information to all and sundry - but feck-all ever happens.

1
2
Anonymous Coward

Re: Make the fines change the behaviour

Unfortunately "New Liars" got rid of surcharging

and

the Clownservatives got rid of the public body responsible for checking what the elected idiots get up to. (Please note appologies to the roughly 10% to 20% of councilors who do, or attempt to do, a decent job)

0
0

Costs Them Nothing

I have said it before, take the fines out of the senior managers salaries, they are supposedly being paid to take the big risks associated with their roles and also in cases like this, fine the actual people who were negligent with the data.

Fining the council, as cornz said, just comes out of the tax payers pocket.

15
0
Mushroom

Wrong fine, wrong target

The fines should have been the maximum £500,000 and been direct at the individuals involved, not the council. Only when this starts happening will people start treating sensitive information correctly, until then, they just won't care.

10
1
Silver badge
FAIL

[We appreciate that people working in roles where they handle sensitive information will – like all of us – sometimes have their bags stolen. ]

Please explain this in laymens terms, does he really mean that even though they KNOW in advance that bags may be stolen that they still ACCEPT to allow employees to carry sensitive information within said bags.

Isn't that a little like asking ham fisted morons to deliver loaded guns with faulty triggers. " We know that someone will eventually drop a gun - like all of us - sometimes people just get shot"

If this information is so sensitive why is it being delivered by council employees ?

Worst case scenario should be a signed and tracked delivery.

Better case scenario : the information is retrieved from the council office by the "verifiable" intended recipient.

Best Case Scenario : Well there is none really because a member of "Anonymous" would have already cracked the secure login, hacked the database, distributed the case files to the Sun and then denied everything.

7
0
Anonymous Coward

WTF?

If this information is so sensitive why is it being delivered by council employees ?

Errr who else do you propose delivers it?

Worst case scenario should be a signed and tracked delivery.

What like a couple of CD by courier? What happens when it gets lost in the post.

Better case scenario : the information is retrieved from the council office by the "verifiable" intended recipient.

Riiighhhhhttttttttt. Hi Mr & Miss Scumbag, No 99 scumbag towers. Any chance you can come to pick up the documents relating to your child protection order.

Thanks,

Hugs and kisses, Social Serivces.

Shheess, some people in IT really live in a fucking bubble.

4
11
Silver badge

[Errr who else do you propose delivers it?]

Why not use professional delivery people, thats why they exist.

[What like a couple of CD by courier? What happens when it gets lost in the post.]

And just what do you think "tracking" is actually used for.

[Riiighhhhhttttttttt. Hi Mr & Miss Scumbag, No 99 scumbag towers. Any chance you can come to pick up the documents relating to your child protection order.]

Thats exactlly what I have to do when I get a new passport, I have to go myself, with my papers, to the consulate. Where's the problem, I prefer doing that than taking the chance that some numpty loses it in the pub.

[Shheess, some people in IT really live in a fucking bubble.]

Please describe the "fucking bubble", I think you will be surprised to learn that most of us actually do have lifes and are capable of a reasonable amount of rational thought..

6
4
Anonymous Coward

What?

"And just what do you think "tracking" is actually used for."

We've had couriers lose full 32u racks! Tracked or not tracked they still loose them. I've had a passport lost via courier, so they still get lost.

"Thats exactlly what I have to do when I get a new passport, I have to go myself..."

Right, so getting a new passport is the same a some alcholic, crack addict potentially losing there kids. Yup exactly the same.

As for living in a bubble? Yes we do, just as most other professions do. Ask a Social worker / Doctor / Teacher how good and usuable their IT is and see what answers you get. Hell half the time they have to print the documents because the remote working is so utterly shit, they have little choice.

3
2
Silver badge
Thumb Down

Unlucky bugger

Just reading your post makes me realise just how lucky I am not to be an unlucky bugger like you.

Lost a 32u Rack, a passport, knows alcholic crack addicts that are about to lose their kiddies and apparently is aware of some major IT problems in relation to their Social worker / Doctor / Teacher.

It is starting to sound as though the common point on all those affaires need changing.

Go for a Holiday it sounds like you need it and if you work for an IT department change your job, judging by your attitude it appears normal that whoever you provide services to is bloody unhappy.

You don't wok for the council by any chance...... and deliver parcels to make up for poor wages........and then forget to take your bag at closing time........

1
1

"As for living in a bubble? Yes we do, just as most other professions do."

I won't disagree with you - "silo mentality" is a big problem in most industries and IT can be one of the worst. Too many IT professionals suffer with delusions of adequacy

"how good and usuable their IT is"

That will depend on a number of factors; all too often people complain that something doesn't work when in fact they don't know how to use it (or what they should be using it for). This is another very common problem, and if I had an answer for you, I would probably be making millions.

"the remote working is so utterly shit"

Remote working is not new, and there are lots of people that use it on a daily basis. We have several sites over the UK and Western Europe, with a number of people working remotely every day. It can be very effective (I was managing an ERP system from a hotel room in another country a month ago) but only if the people using it have been trained.

That doesn't mean that remote working is always going to be ideal - if you are trying to work on a crap broadband connection, or a piss poor wifi, then you will have issues. Equally, if you have a half decent connection, but everyone and his dog is streaming the news / pr0n / last nights footie match on the same connection, it will be a less than stellar experience.

But none of that is an excuse for someone taking sensitive documents into a public place and losing them; and the main issue is that this happens over, and over, again. As many others have pointed out, once again it is the taxpayer that will foot the bill; surely we now have the right to ask why we are having to stump up cash because once again, someone has fouled up?

2
1
FAIL

RTFA annomotard @9:40

IT?????? How did IT creep into this thread, still why let such mundane things like facts interfere with your opinion:-

1) "bag containing papers about a child sex abuse court case was stolen from a social worker in a pub"

2) "social worker hand-delivered a report featuring to the wrong address.

1) was unfortunate, but the social worker should have secured the papers better than that, and 2) is just incompetence. I don't see any IT cock-ups there.

0
0
Anonymous Coward

Remote working

Indeed, my sister managed to use Citrix for many years - and she still thinks the tower is the hard drive (despite my having showed her one, then a few years back her new Acer having to go back within a week because the hard drjve failed, and despite the fact I recently pointed out my external hard drive enclosure to her. On second thoughts, don't get me started about my sister!).

0
0
Unhappy

Re: professional courier service

"Why not use professional delivery people, thats why they exist."

Ok, now find a professional courier service.....

I have had lots of problems at a number of organisations, finding a courier service that didn't wreck the engineering drawings being sent off site for scanning. This includes large national and international courier companies.

If it is really that imprortant for secure delivery, then doing it in person is probably the best chance of getting towards 100% success, and at least there is a clear line of responsibility.

PS

the best courier service I ever worked with was a small local firm, they were significantly closer to 100% than the main national carriers.

2
0
Black Helicopters

This is starting to sound like

the sort of dead-letter drop you read of in spy fiction. I trust that the "thief" did leave the council employee with the (rest of the) agreed sum in used £20 notes.

Or is that too outlandish an explanation?

2
1
Silver badge
Mushroom

Government IT gets worse.

They can't even keep paper files safe.

0
0

Sadly

I just find it incredible that an employee would be taking such sensitive information into a pub.

Surely you don't need Data Protection Training to realise that's not a good idea?

9
0
Pint

Quite

My first thought on reading this "another set of sensitive info lost in pub" story. Why is anybody taking anything like this into a pub in the first place? Presumably it's a matter of stopping off for a quick drink on the way home rather than going out for the evening carrying your work with you. No harm in that in itself, but if the employee is so desperate for alcohol that it overrides common sense, he shouldn't be employed in a responsible job.

6
1

Council "fined?"

Hmm. That means we ALL end up paying for someone's cock-up in the end. Why are the punishments not directed at the person concerned? That might shake up their security a tad.

5
0
Silver badge

Things happen...

...and maybe this person with papers was going to be working from home, or going to court the next day; there's a few reasons they could have had that information on their person.

But in a pub? Really?

Here's a quick policy:

"Use the secure VPN to access electronic documents.

In certain cases you may remove restricted electronic material on encrypted media (do not carry the key with you at the same time).

If hardcopies are removed, these must be signed out to you and you must directly go from one secure location to another (which may include your home or other official location).

Failure to follow this policy will be considered gross negligence leading to summary dismissal.

Any orders to not follow this policy are void."

If they had been mugged at the train station trying to get home, that would be unfortunate and they're not to blame. But seriously...the pub?

Either sack the person responsible or sack manager (if they didn't impress upon the employee the need to take basic precautions).

6
1
Silver badge
Windows

Social workers

There's just no money for social workers.

Social workers and prison guards.

Pay peanuts, expect the odd chimp.

1
0
Gold badge
FAIL

@Winkpop

I think you'll find it's a whole troupe of chimps.

As for no money a few £100k is not uncommon for a management post. You need to get promoted out of front line work ASAP if you want the decent green.

Meanwhile the UK death rate for children known to social services departments remains about 7-10 children a week as the average case load can be around 30-40, rather than the target 20+.

Icon because in the UK socail Services *do* fail the people they are meant to protect, often by protecting the *wrong* people instead.

4
3

"The social worker at Norfolk County Council had failed to complete mandatory training in data protection "

If you don't instinctively understand the need to protect sensitive info, no amount of training is going to help.

6
0
Facepalm

FIRE THE MANAGERS!

Let's face it, this is hardly the first time (this week?) that sensitive personal data has been 'lost' by our glorious overlords. Clearly fining the council is absolutely NO deterrent whatsoever as the only people punished (correct me if I'm wrong here) are the taxpayers.

The only way to make those in charge take this seriously is to publicly fire the morons responsible who repeatedly let this happen. If whoever lost the data has undergone training, bye bye to them, if they haven't, sack the bloody managers whose job it is to make sure everyone knows the rules.

Signing bits of paper saying "Sorry, we won't do it again, honest" is not working!

2
0
Bronze badge
Pint

Incompetent

I was going to say that Croydon Council's social services department couldn't organise a piss-up in a pub.

It appears they can, and do.

Seriously though, they do appear to a bunch of bungling fcukwits based on what news coverage I remember from just the last couple of years.

That fact that the £100k fine will ultimately come from taxpayers pockets is the icing on the cake...

2
0

Local press could have a role

They should mention the fine every single time the write about any cuts to council services, or increases in council charges. Remind us of the amount of the fine, the senior manager responsible. Point out that the cut or price rise would have been unnecessary if they hadn't been fined. Every single time.

You can't realistically fine or fire a senior manager if one of the thousands of workers they are responsible for makes a mistake - nobody would do the job. But they should feel the pressure of a lot of angry voters.

6
0
FAIL

Fine should be taken

The fines should be taken out of the council staff salary pool. Or should mean staff involved are sacked.

Otherwise where is the incentive/pressure not to f**k up?

2
0
Anonymous Coward

What a nice neighbour

I've received stuff for my neighbours before and funnily enough I knocked on their door and handed it to them, rather than report it to the police

2
0
Stop

Re: What a nice neighbour

I don't think it said the neighbour reported it to the police. If I received personal confidential mail meant for my neighbour, I'd just pass it on (I wouldn't know what it was anyway). If I found my confidential info had been passed to them, I might well make life difficult for whoever did it.

1
0
Bronze badge

It has to be...

The governance-strategic-executive-operational arms of Councils should really be diverged and divested.

An operational error should not have strategic cost but it should have operational cost.

Sooooo....

Operational wages of council employees should be made up of fixed salary plus a bonus element.

The bonus element is part of council budget where operational costs are taken thereby limiting impact on tax payer, executive or governance arms.

basis: why should service user, governor, falsely termed Director (of department not annointed at Companies House) suffer loss because of poor operational practices?

Ans: because Whitehall dictates without accountability that it was so, is so and ever will be so (so there?)

0
0

Page:

This topic is closed for new posts.