What is the attraction to a cabinet minister of dumping confidential paperwork in a public bin, when presumably a confidential destruction service is readily available to such people? For the second time in just over two weeks we have another cabinet minister doing more or less the same thing as Oliver Letwin did in St James’s Park. It has been reported that unshredded paperwork containing letters from ministers was found dumped outside Vince Cable’s Richmond and Twickenham office. At least it seems to be a problem that afflicts both factions of the coalition, and Mr Cable may have been coming out in sympathy with Mr Letwin by drawing some fire from his Tory colleague. Who knows?
Apart from the fact that both of these incidents seem to indicate clear breaches of the Data Protection Act, they also indicate an alarming lack of judgement by the two men involved, but that is another discussion for another day.
As someone who regularly advises and lectures on the Data Protection Act, it seems almost inconceivable to me that Mr Letwin and Mr Cable could be entirely ignorant of the Act and its implications: as I mentioned in my last blog, there is a steady stream of incidents reported in the press of people losing confidential data, and awareness of the need for digital (and non-digital) data security seems generally high.
At least Mr Cable has had the good grace to accept that what he did was an "unacceptable breach of privacy"; Mr Letwin’s ‘defence’ was that none of the documents that he dumped in St James’s Park was classified. I would imagine that the Information Commissioner will not be taken in by that. After all, if your GP was to leave your medical records in a bin in the local park, you wouldn’t be placated if he told you not to worry because your medical records aren’t classified information; equally, if your bank manager dumped your bank statements in a skip you would be unimpressed by being told that the security of the nation had not been compromised as a result.
The information dumped by the cabinet ministers may not be crucial to national security, but for the people whose information has been left lying about, that is little consolation.
The first rule of data protection should be: treat the personal data of others as you would like others to treat yours.