Sunday, 9 February 2014

Unencrypted data on children

A laptop computer containing sensitive data about looked after children was stolen from a member of a fostering and adoption panel in Edinburgh. Among the files on the computer were minutes from dozens of reviews regarding children removed from their families by social services.

Edinburgh City Council, which operates the fostering system, admitted the laptop data had not been encrypted.

Foster parents spoke of their concerns over the theft. Reviews of parents are carried out periodically and involve discussing how the fostered children are settling with the family, along with any behavioural or medical problems.
One foster parent told the Evening News: "The council got in touch and said the minutes of dozens of meetings were contained on a laptop which had been stolen, and there may have been a data protection leak. From what we understood there could have been several years’ worth.
"We got the impression that they were supposed to be very hot on confidentiality. You can’t discuss certain things with your neighbours, so it’s somewhat ironic that this has happened at their end."

It appears that lessons are not easily learned. Again councils and care agencies have been criticised for failing to safeguard personal data. Local authorities and independent fostering and adoption agencies are not always adequately protecting the information on their computers about looked-after children.
An investigation by the Information Commissioners Office (ICO) found "highly sensitive" information about children and adults is routinely emailed between independent agencies and local authorities for the purposes of arranging care placements without encryption safeguards being put in place.
The information includes the medical history, marital status, relationship information, employment, criminal convictions and religious beliefs of the prospective foster carer/adopter; as well as medical history, birth parent information, placement history, educational achievement, behaviour issues and ethnicity details for children awaiting a foster carer or adopter.
Last year, the ICO issued two councils with penalties totalling £150,000 after sensitive information about the care of young people was lost by children’s services.

Given that the GIRFEC approach in Scotland involves gathering data on all children, even before a child is born, and continuing with the data mining for 18 years after the birth, the amount of information in  files is going to be enormous. Apart from a consideration of the other issues which opponents express about the GIRFEC Bill, past experience informs us that whenever there is data to play around with, not only is the data exchanged between officials not always accurate - but keeping that data secure cannot be guaranteed.


No comments:

Post a Comment