• 0800 0862018
  • This email address is being protected from spambots. You need JavaScript enabled to view it.
  • Mon - Fri 8:00 - 17:00

Best Practice Update

public sector in brown text on cream puzzle pieces held at each end by hands

Public bodies and sensitive data

Computing Magazine recently reported about the ICO reprimanding seven organisation for domestic abuse breaches in the last 14 months.  A collection of public bodies, charitable organisations, law enforcers and lawyers have made personal data slips when handling domestic abuse cases in the last year, showig abusers where to find their victim is hiding.
The full article can be viewed:  Public bodies expose victims' details to domestic abusers.

"Basic human error can have devastating consequences," added Geraldine Hanna, commissioner designate for victims of crime, Northern Ireland.

Among those reprimanded was Jackson Quinn, a solicitor firm in Nottingham.

When representing adopted children in the family court, the company accidentally sent their addresses to their father in prison, where he was put for repeatedly raping their mother.
The reprimands are a new approach to dealing with slack data governance at the ICO. Where it would normally issue fines, the regulator is now working with organisations to fix procedures so they don't simply keep getting it wrong.

DPE would always advise caution when dealing with special category data. DfE guidance is that any information relating to such data as:

  • A safeguarding matter
  • Pupils in receipt of pupil premium
  • Pupils with special educational needs and disability (SEND)
  • Children in need (CIN)
  • Children looked after by a local authority (CLA)

It is best practice to also treat as special category data. Special category data is considered more sensitive and given greater protection in law: Lawful basis for processing special category data.

The ICO publishes lessons learned from reprimands:

  1. Avoid inappropriate disclosure of personal information by having policies in place and training your staff
  2. Respond to information access requests on time
  3. Implement a data protection by design and default approach

Data Protection Education provides a DPO service to schools, trusts and small organisations through pushing out the framework and Knowledge Bank tools to you led by a designated consultant and support toeam.  We also provide inbound support from our core DPO team. Whether you have a routine question or complex data subject access requests, data breaches or freedom of information requests we have someone ready to respond.