Wolverhampton City Council has been found to be in breach of the Data Protection Act after confidential personal information was disposed of in a skip.
According to the Information Commissioner's Office (ICO), a local newspaper reported that council documents containing names, dates of birth, bank details, employment records and medical information had been fly-tipped after being dumped in a skip located at a community leisure centre.
The skip was subsequently stolen and the documents discarded. The ICO said it first became aware of the breach in October 2010. Its enquiries into the circumstances of the breach revealed that although the council had a written contract in place with a waste management company for the secure disposal of personal data, council employees had failed to recognise the confidential nature of the information when they disposed of it.
Simon Warren, chief executive of Wolverhampton City Council, has now signed an undertaking to ensure that staff are made aware of the council's policies on data protection and confidential waste management, and are appropriately trained in how to follow them. The council will also ensure that compliance with the policies is appropriately and regularly monitored.
Simon Entwisle, director of operations at the ICO, said: “This breach demonstrates how important it is that staff who handle personal data have a good understanding of the need to keep it safe at all times – especially when it is being disposed of. An organisation's responsibility to keep information secure does not end when it is taken out of the building.
“The thought of people's personal details being dumped on the street is worrying enough, not to mention what could have happened if it had fallen into the wrong hands. I am pleased that the council has taken the necessary steps to ensure that this type of breach does not happen again.”