Social care charity, Norwood Ravenswood Ltd, has been fined £70,000 by the UK Information Commissioner's Office (ICO) after highly sensitive reports about four children were left outside a London home by a social worker after attempting to deliver them to the children's potential adoptive parents. The reports contained details of neglect and abuse suffered by the children, together with the names and addresses of their birth families. The information was never recovered.
The ICO found that the social worker had not received data protection training and received no guidance on how to send personal data securely to prospective parents.
The ICO commented: "We have warned the charity sector that they must have thorough policies and procedures in place to keep the often sensitive information they handle secure. We do not want to be issuing monetary penalties to charities, but in this case the seriousness of the breach left us with little choice... The fact that the social worker had received no training while working at the charity, on how to look after what is extremely sensitive information, is truly staggering. This breach was entirely avoidable".
This incident is a stark reminder to all organisations, whether public, private or charitable, of the importance of ensuring that all staff who handle personal data are adequately trained; not only