WTF! Whats the point in fineing councils. Its Taxpayers money FFS! Its not the councils, they dont give a damn. People should go to jail for this sort of thing. That will "tighten training" fairly fucking quickly.
Data privacy watchdogs have fined Powys County Council £130,000, the highest fine the ICO has ever levied, for failing to protect the personal data of vulnerable young people. The Information Commissioner’s Office got out the big stick to punish the Welsh council after it sent details of a child protection case to the wrong …
Wednesday 7th December 2011 12:17 GMT Blofeld's Cat
Wednesday 7th December 2011 13:56 GMT Northern Fop
Wednesday 7th December 2011 14:32 GMT Anonymous Coward
On the contrary...
...it can make perfect sense.
As Alexander Hanff tweeted last night it's possible that the ICO is turning into little more than a method of gathering yet another stealth tax for the treasury.
1.)ICO fines public body.
2.)Public body pays fine to government.
3.)Government effectively gives less money to the public body without ever visibly cutting their budget...
Thursday 8th December 2011 00:17 GMT moiety
Wednesday 7th December 2011 12:19 GMT iGoto
ICO's 'clout' score needs improving...
I sincerely hope that by the time private companies get a hold of 'anonymous' NHS data that the ICO's regulatory clout is sufficiently pumped up to add a few 000's to the fines they can hand out.
Although 130K might hurt a county council a bit, that wouldn't really raise an eyebrow at a large corporate.
Wednesday 7th December 2011 12:19 GMT Anonymous Coward
So the procedures that were going to be put in place, and the lessons learned after the first time weren't actually put in place or learned? Colour me shocked. I'm sure they'll get it right this time, though... a few more £130,000 fines and the council executives might have to start raising the council tax rate or close a few more libraries to avoid being hit by a slightly lower than accustomed annual uplift in their remuneration and bonus, which will surely sharpen their minds.
Wednesday 7th December 2011 12:19 GMT Paul_Murphy
>There is no excuse; basic errors such as printing highly sensitive and private child
> protection reports to a shared printer should not be happening in a modern and
> accountable government organisation
So a printer for each worker?
No printing of any sensitive information?
what is the answer (aside from the really obvious one, that people check to see what they are sending out) then?
Without knowing the role of the person being sent the information (private individual, social services bod, reporter?) it's difficult to say what is going on - the fact that the receiver knew both parties and reported the incident would say to me that they are not a private individual.
Wednesday 7th December 2011 12:19 GMT TheTick
“There is clearly an underlying problem with data protection in social services departments and we will be meeting with stakeholders from across the UK’s local government sector to discuss how we can support them in addressing these problems,” she added.
Indeed - the underlying problem is that when these things happen then taxpayers, who were not at fault, have to pay a fine. Yet we hear nothing of the individuals who were at fault, or their immediate superiors, losing their jobs, being demoted or perhaps they themselves being fined.
No dis-incentives for failure along with "shared responsibility" means no one cares - I've seen it way too much while working in the public sector.
Wednesday 7th December 2011 14:00 GMT Anonymous Coward
Wednesday 7th December 2011 14:21 GMT Craig Chambers
Wednesday 7th December 2011 14:22 GMT riparian zone
too right, no one cares.
an interesting parallel to corporate identity that these institutionalised morons seem to project is that of being able to try to save face as an organisation - beloved officers and other made up management never seem to be accountable in an organisation which is publicly accountable.
Wednesday 7th December 2011 14:22 GMT Anonymous Coward
Shared printers are fine if you are using the right technology. Like only being able to release YOUR prints from the queue if you enter a passcode/swipe your ID badge. Not exactly new technology as its been around for years and has the handy side effect of ticking a CSR box as it reduces the amount of printing from people forgetting to actually get the printer to print.
Wednesday 7th December 2011 14:22 GMT Simon Neill
Well, yes a printer each is certainly not cost effective.
However, our shared printers have a secure print facility whereby sensetive documents can be locked with your user/pass and will only print out AFTER you log in to the printer. This way you have to physically be there and can stop this sort of mix up.
Of course, even with regular printing these things offset each print job such that only a RETARD could accidentally pick up parts of two print jobs and not notice.
Makes you wonder how many such measures actually are in place but the staff are too stupid to actually use them.
Wednesday 7th December 2011 14:22 GMT Sir Sham Cad
Have a shared print queue but require the user to log into the printer/swipe card in order to release the print jobs from that user. That way the sensitive info is only printed out when the responsible person is there to pick it up, not lying around waiting for a data breach to happen.
It's used all over the place, especially where printing costs money so you can have a "balance" on your swipe card.
Wednesday 7th December 2011 14:28 GMT Kirbini
Private shared printers is quite simple actually
1. set authentication on all network printing. That is, once you hit OK on the print dialog, another dialog comes up in which you must enter your network (or printer specific) credentials. This is more often used to prevent color printing or to audit printing for chargebacks but can be an effective privatisation tool as well.
2. Even better, set up printers so that the job queues but won't actually print until the user shows up and types in their unique code. The next job won't print until that user comes and types in their code. If it's a private print job, stand there until it is complete and collect your work.
Easy as that and common in many organizations.
Wednesday 7th December 2011 14:28 GMT Anonymous Coward
They HAVE to print out these documents, as often the people involved actually get a copy of them, also may have to go to a dozen other people.
Individual printer may be an idea, but then who's going to pay for them and then pay for maintenace and support.
How big were the documents. Picking an extra 2 pages up whe it's 5 pages is a silly mistake, but if a 300 page monster, easily done, especially if 20 others are printing out all the time.
let's face it, most of us of done it. I've sent print outs to printers 300 miles away and hope that someone listens ans shreds them for me...
And no I don't work for local goverment, but I'm a realist.
Wednesday 7th December 2011 14:28 GMT Owain 1
Printer requires password/ID swipe to print
I've seen two solutions to this actually used. In C&W you had to swipe your ID card on the printer to print your jobs there and then. We had a big office, but this seemed to work ok.
Or more cheaply: I've seen printers requiring you to enter a password at the printer to print something out. Job is held until password is entered.
Not rocket science.
Wednesday 7th December 2011 14:32 GMT pig
A solution implemented where I work is that all staff need their ID card to print.
You send a print job then go to any printer and log into the printer via nfc "wave". You can then print out the jobs.
This solves the issue of people sending print jobs, then forgetting them and reprinting them multiple times. You can literally only print if you are physically at the printer.
It also cut down paper usage by nearly a half!
“There is clearly an underlying problem with data protection in social services departments and we will be meeting with stakeholders from across the UK’s local government sector to discuss how we can support them in addressing these problems,”
The underlying problem is that most staff, and more importantly managers, in the sector still think saying "I'm not very good at computers" and then chuckling is acceptable.
In my previous contract (which was in that sector), I was regularly asked by senior managers to remove the "annoying encryption" on their usb drives. They were unable to operate a basic encrypted drive and so thought it perfectly acceptable therefore to remove that encryption so they could easier access that data on their home pcs, which were more then likely jam packed with crapware and spyware anyway.
The head of the department also inststed that someone forward all her GSX emails to her non GSX email account as she "couldn't access it properly". This according to her was I.T's fault and she saw no problem in both giving an admin temp access to her gsx account and thaving the emails forwarded (copy and pasted and then sent) to a non gsx accoutn.
When this is the attiude of those who run the departments is it any wonder that such cock ups occur?
Sadly it is exactly these people who are meeting to discuss how to fix the issues.....
Forgive me if I don't expect them to be fixed in a hurry.
Wednesday 7th December 2011 14:33 GMT zephus
Thursday 8th December 2011 09:47 GMT Anonymous Coward
Sorry, the 130K fine hurts the council not at all, it just comes out of the council tax fund and is written off against some other cut in services.
ICO fines to public bodies merely punish the innocent and let the guilty get off scot free I wonder whether the perpetrators and their managers even get a ticking off!
So, after last time "lessons have been learnt and procedures put into place" will be exactly the same quote this time round, and next time - a blatant lie, and the disseminator of that lie should also be sacked since s/.he knows it's a lie.
When was very young, I used to think councils (and Parliament) were answerable to the public. What a joke!
Wednesday 7th December 2011 12:20 GMT Anonymous Coward
Wednesday 7th December 2011 14:21 GMT JimC
Sacking people for making simple mistakes is a possibility of course
But you might run into problems with employment laws, and it leaves you with the problem of finding anyone better, and competent Social workers are pretty hard to get anyway.
I'd be interested to know though, what aspects of their own jobs the people recommending it reckon should be summary dismissal errors.
Wednesday 7th December 2011 17:47 GMT Sean Baggaley 1
Why should employment laws be an issue?
I've signed NDAs on a regular basis and it's made crystal clear that if I violate that agreement, I'd be sacked—and effectively blacklisted too.
If your contract stipulates that it is YOUR responsibility to ensure any confidential information YOU work with remains that way, you bloody well *should* be sacked for incompetence. "I'm not good with computers!" is NOT an excuse in this 21st Century. The bloody things have been in offices since the early 1980s. That's thirty f*cking years! The PC is not "new technology" any more, and hasn't been for well over a generation now.
Ignorance is not an excuse: you're hired—and paid—to do the job. Part of the job description involves handling sensitive data. If you fuck up, you get fired. As does the clearly incompetent idiot in charge of you. End of story.
No, this isn't what *actually* happens, but it's what *should* happen. Unions be damned: incompetence and wilful ignorant should NEVER be rewarded, protected, or revered. THIS is what's wrong with the UK today.
It's high time British corporate and legal systems went back to rewarding success, not failure.
Wednesday 7th December 2011 13:58 GMT Tony Humphreys
Wednesday 7th December 2011 13:58 GMT Anonymous Coward
Will they listen this time? With all the cutbacks and no incentive to improve things, like balls will they!
Why bother penalizing them? It's the district's citizens who will bear the brunt of this in further cutbacks. Can't see the fat. greedy councillors giving up their £100k+ salaries to cover the shortfall.
Wednesday 7th December 2011 23:40 GMT yeahyeahno
giving up their £100k+ salaries
"Councillors are not paid a salary or wages, but they are entitled to allowances and expenses to cover some of the costs of carrying out their public duties."
You'll notice that they don't even get ALL their expenses covered, just SOME.
Thursday 8th December 2011 13:22 GMT Intractable Potsherd
I think the OP meant paid executives of the council, like the CEO and the "cabinet". It is rather worrying that most people do not know that councillors have basically no power anymore - it is all in the hands of unelected "officials" employed at appallingly high salaries, who should indeed be sacked in situations such as the story reports.
Wednesday 7th December 2011 14:22 GMT WissG
Save Money - Do More Faster - Forget The Rules
Cut services, increase burden, push push push for more more more and...
Bang, something breaks.
Solution (of sorts)...fire the heads of all state institutions that pass the buck downwards. Then imprison the politicians that pushed the buttons and feel it's appropriate to watch the lower ranks loose pay, jobs, etc. while the heads of heads of heads get more and more for savings made Ad infinitum.
Throw in staff that have (believe me, at normal pay levels anyway) been paid less than the private sector would pay them (so say those that award the pay increases), but that it's worth it because they are doing a great service for the people (who appreciate it., not) and there is a good pension as a thank you, at the end...oh, maybe not. Bugger
Wednesday 7th December 2011 14:29 GMT Archivist
Wednesday 7th December 2011 14:29 GMT BorkedAgain
Wednesday 7th December 2011 23:31 GMT Anonymous Coward
Not sure where the fines go, guessing into some central pot somewhere to fund more quangos.
IMO the money should be funnelled straight back into funding measures to ensure this sort of situation does not happen again int he organisation. The managers of the authority should not get to decide how it is spent, that should be dictated by an independent audit and the ICO.
Wednesday 7th December 2011 14:35 GMT Rampant Spaniel
No doubt some manager will get a payrise for fixing the situation. I agree entirely that fining local taxpayers is wrong. Perhaps taking the fine from managements bonus and golf junket fund would be more appropriate?
They really need to make people responsible directly for their actions (in respect to staff) and for the management for allowing for these situations to occur.
If you aren't responsible when things go wrong you cannot claim credit when they go right (and give yourself a huge bonus).
As mentioned above pin protected print jobs are a great idea. Not ideal if you are in a hurry but better to get a little right then a lot wrong!
Wednesday 7th December 2011 14:35 GMT mittfh
Easier solution than PINs...
The place where I work (on the other side of Offa's Dyke!) is steadily rolling out new printers with ID card readers: you submit your print job to the queue, then swipe your (RF)ID card, choose which jobs to print out (the software and ID card are both tied to your network account), then log off. If you don't log off within 2 minutes it automatically does so. Incidentally the ID card is the same one that lets you into the building, so if you forget or lose it, not only can you not print anything off, you also have problems getting into the building in the first place...
Wednesday 7th December 2011 15:37 GMT Anonymous Coward
In the old days
In the old days all print would be printed in the computer room and then burst and deculated and dispatched to you off a trolly that the print assitant operator haned you. You got what you printed, nothing more. Nice how things have moved on. Technology just allows people to speed up there mistakes thesedays. RFID isn't a security measure, given as it's teh same one used to get into the building. Also ignores the fact printed have large fat bufffers thesedays and network cables that are not securely attached - ever gone to the printer after your boss - pulled out the network cable and hit the reprint button. Printers should only be used for external users realy and more controlled - call it QA for secrataries! There again WHY hasn't HP done a printer with a tablet connection were you print to the tablet/kindle and from there have the option for hardcopy. Save alot of tree's and ink and less ozone in the office around that high-volume laser printer. But seems a bit obvious and would reduce there ink bank sales.
ALso did you know in 2 minutes I could email your entire company saying how you all suck - if you have RFID then use it as a proximity feature as well as authentication. Not that RFID's are biometric in any way so you still have deniability.
Wednesday 7th December 2011 15:36 GMT Anonymous Coward
Good article about why you can't save costs and share printers
A fantastic reason why that short-term saving on a shared printer are perhaps not that good from a security and PR perspective. Though does place a somewhat interesting perspective into the term "social services". Ironicly a parent makes a mistake they lose there child, these people make a mistake they lose a few pennies which you and I end up paying for. Bottom line we pay for there mistakes as well as our own. Sadly though the only outcome from this will be some unqualified imported skill set demanding a iPad so they can be percieved to not be doing there job more effeciently.
I don't want to read about a fine, I want to see somebodies head roll - were is the head, show me the head!
Wednesday 7th December 2011 15:37 GMT Andrew Moore
“In so many cases these incidents are the result of carelessness and lack of thought rather than any malicious intention,"
Reminds me of the old adage: Never ascribe to malice that which is adequately explained by stupidity.
Maybe if the ICO started fining local authorities for hiring stupid and untrainable people...
Wednesday 7th December 2011 23:38 GMT All names Taken
Look, it is a bit like this ...
While Councils usually have contingencies set aside it tends to be gloat money.
If people can get through the financial year increasing the gloat fund then all is well.
The trouble is that Councillors tend to be se spineless really.
Rather than starting meetings on lines of:
What are you doing in my name that might get me into trouble or bring disrepute to the Council
it tends to be
How will my Churchillian speech on dog muck at local park go down? I bet Winston would be proud of me and wish he had thought of it first?
Ans: scrap TUPE, scrap salaried wages and all posts (as in ALL) to be clock-in, clock-out
Thursday 8th December 2011 23:09 GMT All names Taken
How much mischief made, prompted, promoted and gloated by Councils goes so totally unaccounted for?
Whitehall really has got the model incredibly right/wrong (it sorta depends - I prefer wrong but Whitehall probably prefers right).
Gov appoints Council to act as its agent in fulfilling services defined and parameterised by Gov and in that structure the agent can make a total mess, run amok, act with extreme violence or equally extreme self interest of employees and it is wholly above the law of the land for it to do so.
Common law of England challenges should be order of the day (negligence, contributory negligence, ... ) seem at first glance a reasonable basis to challenge mandarinary over abuse of powers overlooked (?) by elected and those who really should know better.
Selby? A valid reason why Whitehall needs to be neutered. If ALMO'd watch senior management remuneration packages top PM's in a mo'
Thursday 8th December 2011 23:13 GMT All names Taken
There are some important principles involved here but first! Councils do prefer to reduce services rather than pay fines out of reserves. Get used to it, it is the way it is/ was/ will be
They (councils, civil servants, mandarins) really are above the law and beyond accountability.
Those are enough reasons for the structure to be disassembled swiftly.
Thursday 8th December 2011 23:17 GMT All names Taken
BTW: gent on Radio 4 failed to mention that organisations taking on business as part of privatisation policy then going bankrupt meaning Councils must have extra powers and contingency money dah-de-dah de-dah-dah ... failed to mention that the likes of Southern Cross, Pickfords had imbibed heavily from a poisoned chalice decanted at and from Whitehall in the first place.
Selby: let the ALMO be founded on:
Statutory sick pay scheme for all employees
all employees to clock in, clock out in the way Councils expect their privatised careworkers and cleaners to clock in/out with minute by minute deductions
income and remuneration packages will be key factors in Council placing its business elsewhere
the funding cannot be guaranteed beyond 12 month maximum
contract can be withdrawn with minimal losses incurred at a moments notice