The organisation will be hit with a fine from the Information Commissioner’s Office after sending pension records for recycling
The Scottish Borders Council (SBC) are set to be hit with a substantial fine by the Information Commissioner’s Office (ICO) following a data breach that saw hundreds of staff pension records sent for recycling.
While the council has moved to reassure current and former employees that none of their personal information was exposed as a result of the incident, the ICO will still move to impose a financial penalty given the nature of the breach, as the SBC failed to take the appropriate measures to protect sensitive details.
"I would like to reassure individuals who may have been affected that, based on the in-depth investigation carried out by our officers, we are confident that no personal information was accessed and the breach was contained upon its discovery," said SBC chief executive Tracey Logan.
The error was highlighted when a member of the public discovered the files in a recycling centre, indicating that the SBC’s records management system needs an overhaul in order to prevent such an incident happening again.
According to reports, the 676 files that related to the Local Government Pension Scheme were quickly recovered by the SBC once they had been found, and the organisation has since moved to securely destroy the documents.
A further 172 files were located at a different recycling bank, yet it is said that these would have been disposed of mechanically.
And given that the data breach has been linked to the actions of an external contractor, the agreement between the SBC and the firm has since been terminated.
Yet in order to ensure that the SBC places greater emphasis on data protection in the future, the ICO has said that it will carry out an audit in the next 12 months to check on the organisation’s policies in terms of handling sensitive information and training staff in the appropriate practices.