York Council Data Breach Caused By Printer Mix Up

The Information Commissioner's Office has reprimanded the City of York Council for breaching the Data Protection Act, new data security measures are being implemented.

According to the ICO, the breach occurred when a council employee accidentally collected personal data from a printer and sent it with another document to a third party. The ICO rapped the council for a lack of quality control and employee supervision.

“This case highlights the need for employees to take responsibility and ownership of tasks that involve handling personal data. If the documents had not been left unattended by the printer and had been carefully checked before they were sent out then this situation could easily have been avoided,” Sally-Anne Poole, the acting head of enforcement at the ICO, said in a statement.

The ICO revealed that the council had committed to an agreement under which it would refrain from printing personal information unless it was absolutely necessary, and implement security measures to govern the use of printers by employees.

“We are pleased that the City of York Council has introduced new security measures governing the use of its printers and that staff will now be required to carry out appropriate quality control checks to avoid information being incorrectly disclosed in this manner,” the ICO said in a news release.