Charity fined for data breach

Norwood hit with fine

by: Ben Simons - Last updated: 2012-10-15



Jewish social support and care charity Norwood Ravenswood has been fined £70,000 for a serious breach of data protection.

The Information Commissioner's Office (ICO) handed down the fine after confidential reports concerning four children, left by one of Norwood's social workers, went missing in London.

"We do not want to be issuing monetary penalties to charities, but in this case the seriousness of the breach left us with little choice," said Stephen Eckersley, head of enforcement at the Information Commissioner's Office.

Following the £70,000 fine, Norwood is planning to make an appeal and said it has taken steps to improve its processes.

"We have warned the charity sector that they must have thorough policies and procedures in place to keep the often sensitive information they handle secure," added Eckersley. "The children involved in this case were no more than six years old and now they are in a situation where their most sensitive details could be in the hands of a complete stranger."

The ICO also raised its concern about the lack of training offered to the social worker. "The fact that the social worker had received no training while working at the charity, on how to look after what is extremely sensitive information, is truly staggering."

In a statement, Norwood said: "Norwood found itself, within its adoption service, to be in an isolated breach of the Data Protection Act and reported itself to the ICO when it was discovered. Norwood took immediate steps to tighten its procedures in line with the Act to ensure that an incident of this kind will not be repeated."

Update: 15 October 2012

Norwood chief executive Elaine Kerr responds:

I write in response to the article which appears on your website.

Norwood has always taken the issue of Data Protection extremely seriously and deeply regrets what was an isolated breach within our Adoption Service. It is clear, however, that the fine of £70,000 is disproportionate and we have reserved our right to appeal the amount on these grounds.

Contrary to the press release issued by the ICO, the incident did not occur due to inadequate training, but was an obvious lapse in judgement by one individual employed by Norwood. It is clear that the incident was in no way a reflection of our practice, policies or guidelines, but rather an act of human error. 

It should also be noted that Norwood reported itself voluntarily to the ICO when we discovered the breach and we took immediate measures to tighten our data protection procedures even further. Norwood co-operated fully throughout the ICO’s investigation and appropriate action has been taken against the member of staff concerned. Most importantly, no harm was actually caused to any party involved in the breach. We should also state that this is the only incident of its kind at the Charity during its 200 years of operation.

The public can remain confident that Norwood will continue to provide world-class services to the people who need it most, with absolute integrity and commitment to protect the privacy and confidentiality of the people we support.



Elaine Kerr

Chief Executive