Scottish Borders Council Fined Following Pension Data Problems

Expert Calls For Organisations To Learn Lessons Over Protecting Information


A data protection expert at Irwin Mitchell has called for organisations to ensure they tread carefully when outsourcing, after Scottish Borders Council was fined £250,000 after pension records were found in a recycle bank in a supermarket car park.

The local authority were using an outside company to digitise records, but failed to put a contract in place with the third party and sought no guarantees on technical and organisational security protecting the records.

It was then discovered that more than 600 files, containing confidential information and bank account details, were found in recycling bins. A further 172 files were also deposited on the same day at a different bank but are thought to have been destroyed.

Ken Macdonald, the assistant commissioner for the Information Commissioner’s Office for Scotland, said the case was an example of an organisation “taking its eye off the ball” in relation to outsourcing.

Commenting on the fine, Joanne Bone, a lawyer at Irwin Mitchell who specialises in advising on intellectual property and data protection issues, said: “This case is a hugely worrying example of why organisations need to take every possible step to ensure vital information is always treated with the utmost care.

“Sadly cases like this are not uncommon, so it is vital that businesses and other bodies pay attention to such incidents and ensure that lessons can be learned from them.

“All organisations need to ensure that they take steps to avoid this kind of problem from affecting them. It is particularly important that contracts featuring the necessary safeguards are put in place with third parties that are responsible for tasks related to data.

“Such measures can play a key part in ensuring that vital information is always handled in the best and safest manner.”