Foyle Women’s Aid, the Derry charity which works with victims of domestic abuse, has been investigated after a folder containing sensitive client information was left in a cafe, the Journal has learned.
An investigation was carried out under the Data Protection Act following the incident in June 2012 with follow up work by the Information Commissioner’s Office (ICO) carried out late last year.
The incident was contained as the cafe owner promptly returned the documentation. Official ICO documents related to the incident, and published online, noted “an apparent lack of effective controls and procedures for taking information out of the office was a contributor to the loss of highly sensitive personal data.”
The investigation went on to reveal that a worker “was transporting excessive information, as the lost folder contained personal data which was not relevant to the meetings the individual had scheduled that day. However, by having this information the worker acted outside the of the data controller’s expectations and in particular failed to act in accordance with the data controller’s previous instructions.”
In November 2013 as part of a follow-up check, the ICO states that lockable boxes have been introduced for the transportation of paper data outside the office.
It’s also understood that line managers are undertaking physical security spotchecks to ensure compliance with clear desk procedures.
Foyle Women’s Aid have declined to comment.