Feeds

back to article £250k fine for dumping council workers' files in Tesco bins, er, binned

I have just read the information tribunal decision and the reasons why the panel quashed the UK Information Commissioner’s £250,000 fine against the Scottish Borders council. The local authority was punished after a worker dumped employees' private data in bins at a nearby Tesco and another unnamed supermarket. It seems clear …

COMMENTS

This topic is closed for new posts.
Silver badge

Fining public bodies is a disgrace, it just impacts the people funding them. Unless the fines are taken from the execs pension funds! The punishments should be expanded to require dismissals of managers and staff where appropriate.

7
1
Thumb Up

Fines

I agree - the fines should be charged to the individuals responsible. If it impacts their own pockets then they might take these matters more seriously.

7
1
Bronze badge

Thank you,

this was a very good/informative article.

Perhaps the Data Controller should be a named individual, rather than an organization. Then an Enforcement Notice could include a ban on that individual, or require evidence of suitable education.

2
0
Bronze badge

Hmmm

"typically… a name, an address, date of birth, national insurance number and salary. In some cases the files contained bank account details, a signature, a nominee to receive benefits”. In other words there was no sensitive personal data involved". I beg to differ this is sensitive personal data.

Otherwise a very interesting article.

2
2
Bronze badge
Stop

Re: Hmmm

@Matt: The key word there is "sensitive". The data is definitely personal, but not the higher category.

0
0
Bronze badge

Re: Hmmm

I would consider my bank account details and signature as "sensitive" information, especially when combined with name, address, date of birth and possibly NINO.

Sensitive in this context doesn't mean information that could affect sensibilities, e.g. embarrassing or intimate; it means data that can compromise the security of important things - in this case, the bank accounts of the people who's data was carelessly discarded.

0
0
Bronze badge

Given the act has been in force since 1998 its beyond doubt the person/s dealing with the documents knew about the act but chose to ignore it that's why work places have sensitive material boxes available which are safely destroyed.

Secondly a name,address, date of birth, national insurance number and salary is quite clearly considered sensitive data as defined under the act ,that's the whole point to provide adequate protection from misuse of such data.

3
2

In what way are the details you list defined under the act as sensitive data?

Are they:

- racial or ethnic origin

- political opinions

- religious beliefs

- trade union membership

- physical or mental health

- sex life

- criminal records?

Doesn't look like it, does it?

5
1

As the first Data Protection Officer I ever worked with put it - sensitive personal data means the things that the Nazi's killed people for

1
0
Anonymous Coward

"Finally, I think the idea of an MPN levied against any public sector data controllers lacks logic; there should be instead an offence associated with deliberately ignoring or grossly neglecting an obligation to comply with a data protection principle."

There should be both; an MPN levied against the named individual responsible for compliance in that specific case (and followed by their dismissal), and if no individual can be identified an offence of "failing to supervise" where the elected representatives (councillors or ministers) responsible for supervising their departments get automatically booted out of office, no pay-offs or parachutes.

2
0
Anonymous Coward

Sensitive Personal Data

It looks like some commentators need to remind themselves what Part 1 Section 2 of the Data Protection Act 1988 actually says. These records were clearly not within the definition of 'sensitive personal data'.

2
1
Silver badge

What a huge amount of wasteful bullshit

All those boards and panels and committees and guidelines and bureaucratic crap. Costing how many millions of pounds of taxpayers' hard-earned money. And all failing to prevent someone doing the wrong thing.

A little common sense and common decency would go a long way. Fat chance.

1
0

So what you're saying is

That government bodies at every level are inept? Who knew? Next thing you know we'll have politicians distorting the truth to fit their own agenda (or someone else's if they've been paid enough).

1
0
Bronze badge

"name, an address, date of birth, national insurance number" you're saying this isn't sensitive personal data? Like to give me your details and I'll see what I can do with them?

This whole thing is legalistic timewasting, they're guilty, fine the idiots half their annual budget. As for the perennial harping on about the taxpayers paying the fine, that's ok, the taxpayers are responsible for what is done in their name.

1
3
Silver badge

Seemed sensible to me

Firstly, have you ever actually tried to get anything out of a supermarket paper recycling bank? It isn't easy, to put it mildly; and if you manage to avoid injury, then at the very least you will draw attention to yourself trying.

Secondly, who's expecting for there to be anything "interesting" in there anyway? Chances are the contents are mostly junk mail and newspapers. Yes, that's "security by obscurity" and therefore not especially strong, but the question "which one of thousands of pieces of paper out of which bin is the one I'm looking for?" is a bit of an obstacle.

Thirdly, if someone's paying for some "waste product", you can be reasonably confident that they are actually going to recycle it properly.

All things considered, there are worse ways they could have tried to get rid of it -- and easier ways to get hold of people's sensitive personal data.

0
1
Bronze badge

Re: Seemed sensible to me

The problem in this specific case was that the recycling bins were overflowing when the papers were added, which means it didn't take a major exercise to see the papers just someone glancing down at the ones that had fallen out.

0
0
h3
Bronze badge

I don't see the difference between people delivering junk mail to my door (And takeaway menu's) and fly tipping.

0
1
This topic is closed for new posts.