A Scotland-based child welfare organisation is in breach of the Data Protection Act in two separate cases, the Information Commissioner's Office has discovered.
The Scottish Children's Reporter Administration (SCRA), which is responsible for protecting children in the judicial system, failed to protect the privacy of children by failing to secure their personal information.
The ICO said that back in January 2011 the agency sent papers containing the details of a child to the wrong email address. The papers contained sensitive information related to the case including the contact information of the child’s mother and witnesses.
Then, in September 2010, the agency lost 9 case files when a filing cabinet was removed during a refurbishment of the office. The cabinet was supposed to be destroyed, but was sold instead. The files contained personal information such as birth dates, names and social reports.
"The fact that sensitive information was mishandled not once but twice by the same organisation is concerning," said Assistant commissioner for Scotland and Northern Ireland, Ken Macdonald.
"On both occasions the personal data which was compromised related to young children and was caused by human errors that could easily have been avoided," he added.