WIREDGOV

A Welsh home care provider has been found in breach of the Data Protection Act after the files of 10 vulnerable and elderly people were found on a street in Neath Port Talbot. The news follows an investigation by the Information Commissioner’s Office (ICO) into the data loss by Neath Care in August 2013.

The papers explained the individuals’ care plans and included sensitive information relating to their health. The ICO found that Neath Care failed to provide their staff with guidance explaining how sensitive personal information should be handled and kept secure when taken outside of the office. A lack of basic monitoring also meant that the provider only became aware that the papers were missing when the matter was reported to them by a member of the public.

ICO Assistant Commissioner for Wales, Anne Jones, said:

“Nobody expects to find their sensitive personal information lying on the pavement. Taking this type of information outside of the office is an inherent part of running a home care provider. But, the fact that Neath Care did not account for this fact by providing their staff with guidance on how to handle information in this setting, is alarming.

“The provider must now improve their practices in order to protect the vulnerable people they serve. This will include introducing new guidance and training for their staff to make sure people’s information is kept secure and introduce a procedure for keeping a track of when personal information is taken off site.”

View a copy of the undertaking signed by Neath Care

ENDS

If you need more information, please contact the ICO press office on 0303 123 9070 or visit the website at: www.ico.org.uk.

Notes to Editors
 
1. The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

2. The ICO has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.

3. The ICO is on Twitter, Facebook and LinkedIn. Read more in the ICO blog and e-newsletter. Our Press Office page provides more information for journalists.

4. Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is:

• Fairly and lawfully processed
• Processed for limited purposes
• Adequate, relevant and not excessive
• Accurate and up to date
• Not kept for longer than is necessary
• Processed in line with your rights
• Secure
• Not transferred to other countries without adequate protection