North Lanarkshire Council taken to task for breaching DPA

ICO said council provided inadequate guidance to its workers

The Information Commissioner's Office (ICO) has confirmed that North Lanarkshire Council breached the Data Protection Act after sensitive information was stolen from a home support worker's bag.

The council alerted the ICO shortly after the theft occurred in October 2010.

The information that was stolen from the unlocked bag included the worker's visiting schedule for the next two days, and information relating to the mental or physical health of six vulnerable adults.

"Organisations have a responsibility to make sure that any personal information used by their workers outside the office remains secure," said Ken MacDonald, assistant commissioner for Scotland.

"It is never acceptable for papers or a disc containing sensitive personal information to be left in an unlocked bag without necessary precautions," he added.

"The council's guidance on the handling of this type of information was inadequate and failed to advise staff on the best means of keeping information safe."

Gavin Whitefield, chief executive of North Lanarkshire Council, has since signed an undertaking to ensure that the council has sufficient policies and procedures on the storage, use and disposal of hard copy personal information in place.