A Council whose former employees’ pension records were found in an over-filled paper recycle bank in a supermarket car park have been fined £250,000 for the data breach. The files were spotted by a member of the public who called police, and 676 files were recovered in all. Scottish Borders Council employed an outside company to digitise the records, but failed to seek appropriate guarantees on how the personal data would be kept secure. That prompted the Information Commissioner to use his powers under the Data Protection Act to impose a Civil Monetary Penalty of £250,000 on the Council. The Data Protection Act requires that, if you decide to use another organisation to process personal data for you, you remain legally responsible for the security of the data and for protecting the rights of the individuals whose data is being processed.
This provides summary information and comment on the subject areas covered. Where employment tribunal and appellate court cases are reported, the information does not set out all of the facts, the legal arguments presented and the judgments made in every aspect of the case. Employment law is subject to constant change either by statute or by interpretation by the courts. While every care has been taken in compiling this information, we cannot be held responsible for any errors or omissions. Specialist legal advice must be taken on any legal issues that may arise before embarking upon any formal course of action.
