The U.K.'s Information Commissioner's Office has reprimanded the Scottish Children's Reporter Administration for its poor data protection practices, which may have led to the exposure of sensitive child welfare information.
According to the ICO, the SCRA violated the country's Data Protection Act on two separate occasions in the past 12 months.
The first incident took place in September 2010, when the SCRA inadvertently left sensitive documents in a file cabinet that was removed during an office refurbishment, the ICO claims. The cabinet, which was supposed to be destroyed, still contained the files when it was sold to a second-hand furniture shop.
The files contained children's names, dates of birth, referral decisions and social reports, the ICO stated.
The second incident occurred in January 2011, when the SCRA mistakenly emailed legal papers containing a child's sensitive information to the wrong addresses. The information included the identities of the child's mother and witnesses.
"The fact that sensitive information was mishandled not once but twice by the same organization is concerning," Ken Macdonald, assistant commissioner for Scotland, said in a statement. "On both occasions the personal data which was compromised related to young children and was caused by human errors that could easily have been avoided. Luckily, on both occasions, the information was not circulated widely."
However, despite these data compliance failures, Macdonald did praise the SCRA for taking initiative to improve its data protection practices.
"I am pleased that the Scottish Children’s Reporter Administration has taken action to make sure that the personal information they handle is kept secure and would urge other organizations, particularly those handling sensitive information relating to young people, to follow suit," Macdonald added.
According to the ICO, the SCRA is working to raise awareness about data protection among its employees. Education is an approach that is advisable for all organizations, and one that the ICO strongly advocates. In fact, last month, the ICO revealed that it was pushing for data protection awareness to be taught to children in primary and secondary schools, Computing.co.uk reported.
While this may seem like it's jumping the gun a bit, instilling data security awareness at an early age may be crucial, given the fact that children are now growing up with the Internet and a wealth of potentially sensitive data at their fingertips.