Are you leaving your information lying about - literally in this case!

When you’re entrusted with sensitive information about clients and customers, you owe them a duty of care. This means that you should look after their data properly, and not, like a Welsh home care provider in 2013, accidentally drop their files on the pavement and leave them there.

The Neath Care organisation was found to have breached Data Protection Act regulations after the files of 10 vulnerable and elderly people were found lying on a street in Neath, Port Talbot. The paperwork contained details about some of the people being cared for by the company, including sensitive health-related information, individual care plans and more.

An investigation by the Information Commissioner’s Office (ICO) into the incident in August 2013 revealed that Neath Care failed to provide their workers with any training or guidance about how to deal with sensitive data, or how to ensure that clients’ personal information was properly handled and kept secure when it was taken outside of the office. 

The investigation also revealed that there was a  lack of basic monitoring at Neath Care which led to the company only realising they had mislaid the paperwork after a member of the public reported it to them.

The ICO Assistant Commissioner for Wales, Anne Jones, said: “Nobody expects to find their sensitive personal information lying on the pavement. Taking this type of information outside of the office is an inherent part of running a home care provider. But, the fact that Neath Care did not account for this fact by providing their staff with guidance on how to handle information in this setting, is alarming.

The provider must now improve their practices in order to protect the vulnerable people they serve. This will include introducing new guidance and training for their staff to make sure people’s information is kept secure and introduce a procedure for keeping a track of when personal information is taken off site.”

What would you do if you lost important and/or sensitive personal information like this? Would you know about it straight away? Do you have policies in place informing staff members how they must take care of information that’s taken out of the office environment, either in hard copy files or on a computer or memory device?

To avoid getting into this sort of situation, and potentially being fined by the ICO, it’s vital that all businesses have a policy for dealing with sensitive material. If you’re unsure of how to protect your data, what to include in your staff policy or how to train your staff, contact me and I will be delighted to   provide you with guidance and advice.