Tag Archives: Ken Macdonald

NI Department of Justice Fined by ICO after Data Breach

Northern Ireland’s Department of Justice has suffered from an embarrassing data breach which has resulted in them being hit with a £185,000 fine by the Information Commissioner’s Office (ICO). The fine was reduced to £148,000 for early payment. 

The data breach occurred when one of the department’s agencies, the Northern Ireland Compensation Agency, sent 59 locked filing cabinets without keys to auction without checking what was in them beforehand.

Once the person who bought the filing cabinet at the auction had managed to break into it, he then contacted police upon realising the contents within. The filing cabinet was full of confidential paperwork from the 1970s to 2005. This paperwork contained confidential data such as personal details belonging to victims of a terrorist attack, the injuries that they suffered and the amount of compensation that they had been offered.

The Police Service of Northern Ireland took the documents and handed them back to the department who in turn, reported the incident to the ICO.

After the ICO’s investigation, the Department of Justice have stated that they are confident that none of the data has been compromised as the cabinet had remained locked until the person who purchased it had forced it open. The department is also confident that none of the other filing cabinets contained any files and were keen to stress that they openly cooperated with the ICO as soon as they knew about the data breach.

Justice Minister David Ford stated, “I, and my Department, take the security of personal data very seriously and accept that this was a breach of the Data Protection Act and should not have happened. We informed the Information Commissioner as soon as we became aware of the breach. The Justice Committee was also subsequently made aware.

Ford added, “The Department has co-operated fully with the Information Commissioner and paid the penalty imposed. This was an unfortunate breach of data security caused by simple human error and not a systemic problem within the Department. We are satisfied that none of the information was compromised and none of the other cabinets sold contained any files.”

Ford concluded, “Detailed procedures have now been implemented to ensure that, in future, any personal data contained in furniture that is being disposed of will be dealt with securely.”

Ken Macdonald who is the assistant commissioner for Northern Ireland believes that the fine imposed is suitable due to the potential harm that this data breach could have had if the data had fallen into the wrong hands.

Macdonald stated, “This is clearly a very serious case. While failing to check the contents of a filing cabinet before selling it may seem careless, the nature of the information typically held by this organisation made the error all the more concerning. The distress that could have been caused to victims and their families had this fallen into the wrong hands is self-evident.”

This latest security breach just shows that it is now imperative that companies have a strict data security plan in place which is followed and fully understood by all employees. This is another incident where if the department had been proactive rather than reactive with ensuring that appropriate procedures were in place, they would have saved themselves a significant amount of money and damage to their reputation.

Handling Confidential Data Whilst Teleworking

The opportunities for employees to telework have continued to increase over the years as employers have seen financial and productivity benefits. Advancements in technology and access to faster broadband speeds across the country have assisted in the increased numbers of teleworkers. As a result, the number of people who are handling confidential data outside of their office environment has increased.

Gill Taylor who is a HR Consultant stated, “Research shows home workers are generally more productive. A survey in 2011 by the Confederation of British Industry found that the percentage of employers offering home working was 59 per cent, up from 13 per cent in 2006.”

Therefore, it is imperative that the employer has the correct regulations and measures in place before they let employee’s telework to help reduce the chances of confidential data being compromised, lost or deleted.

Teleworking is when an employer has an agreement with an employee where they do not commute to a central place of work and use their own computers and telephones etc. to contact colleagues, customers or a central office.

No matter where you are working from, significant care and caution needs to be applied when dealing with confidential data. An incident occurred back in November 2011 where an employee of Aberdeen City Council compromised confidential data when teleworking. Confidential data relating to the care of vulnerable children was accidently posted online after the employee accessed the documents on their home computer. A file transfer program which was already installed on the computer then proceeded to automatically upload the documents to a website. This confidential data remained on the website for a further two months until another employee found the data in public domain by entering their own name and job title into a search engine.

This incident resulted in an investigation being conducted by the Information Commissioner’s Office (ICO) who issued a fine for £100,000 which can be reduced to £80,000 if the payment deadline was met.

 Ken Macdonald who is an assistant commissioner for Scotland at the ICO stated, “As more people take the opportunity to work from home, organisations must have adequate measures in place to make sure the personal information being accessed by home workers continues to be kept secure.”

Macdonald added, “In this case Aberdeen City Council failed to monitor how personal information was being used and had no guidance to help home workers look after the information. On a wider level, the council also had no checks in place to see whether the council’s existing data protection guidance was being followed. The result was a serious data breach that left the sensitive information of a vulnerable young child freely available online for three months.”

Macdonald then concluded by stating, “We would urge all social work departments to sit up and take notice of this case by taking the time to check their home working setup is up to scratch.”

Before an employer allows an employee to telework, they need to make sure that they have the appropriate regulations and measures in place to help minimise the chance of confidential data being compromised or lost. As part of this, the employer should ensure that they have a robust backup solution in place so if any files were to be lost, deleted or modified; the data can be recovered successfully.

Our Customers

  • ATOS
  • Age UK
  • Alliance Pharma
  • Liverpool Football Club
  • CSC
  • Centrica
  • Citizens Advice
  • City of London
  • Fujitsu
  • Government Offices
  • HCL
  • LK Bennett
  • Lambretta Clothing
  • Leicester City
  • Lloyds Register
  • Logica
  • Meadowvale
  • National Farmers Union
  • Network Rail
  • PKR

Sales question? Need support? Start a chat session with one of our experts!

For support, call the 24-hour hotline:

UK: 0800 999 3600
US: 800-220-7013

Or, if you've been given a screen sharing code:

Existing customer?

Click below to login to our secure enterprise Portal and view the real-time status of your data protection.

Login to Portal