ICO Reprimands Birmingham Children’s Trust for Data Breach

THE Information Commissioner’s Office (ICO) has issued a reprimand to Birmingham Children’s Trust Community Interest Company after the personal information of a child was inappropriately disclosed to another family.  

The child protection and review department at Birmingham Children’s Trust Community Interest Company, which is owned by Birmingham City Council, was working with two neighbouring families when the data breach occurred.

A child protection plan was disclosed to one family that contained both personal information and criminal allegations relating to a child from the neighbouring family. This information was included in error after being copied across from meeting minutes.

The ICO’s investigation found that Birmingham Children’s Trust Community Interest Company did not have appropriate policies or sufficient practical guidance in place to ensure the security of personal information.

Sally-Anne Poole, Head of Investigations at the ICO, said:

“Children’s personal information requires extra protection and must be handled with great care. This disclosure of personal information by social workers at Birmingham Children’s Trust Community Interest Company was a violation of privacy that would have caused distress to both the child and their family.

“We expect all organisations processing personal information to ensure they have robust policies and procedures in place to protect it. We will take action when personal information, especially belonging to children and young people, is compromised.”

The ICO recommended that Birmingham Children’s Trust Community Interest Company should take further steps to ensure its compliance with data protection law, including:

  • Implement a more granular approach to data protection and create a Standard Operating Procedure with regards to producing social care documents.
  • Include a process for any social care product to be independently checked by someone other than the author prior to disclosure.
  • Create and implement a corporate redaction policy, which ensures staff have the knowledge and tools, to redact the product if necessary.

The reprimand can be read in full here.