Norwood: £70k fine for data security breach is too much
By News England

Norwood, the Jewish social care charity that was fined £70,000 for a data protection breach after an employee left some files outside a house, has attacked the penalty as disproportionate and is considering an appeal.

The Information Commissioner’s Office took the unprecedented step of fining the charity because, it said, the seriousness of the breach warranted a stiff penalty.

The documents, which contained the welfare history of four children in care, all aged under six, were left on the doorstep of the private home of their prospective adoptive parents, after the social worker was unable to deliver them personally.

But this week, Norwood CEO Elaine Kerr hit back against the ICO’s criticism.

She told civilsociety.co.uk: “Norwood has always taken the issue of data protection extremely seriously and deeply regrets what was an isolated breach within our adoption service.

“It is clear, however, that the fine of £70,000 is disproportionate and we have reserved our right to appeal the amount on these grounds.”

She added that contrary to the ICO’s contention, the breach did not occur because of inadequate training, but rather was an “obvious lapse of judgement” by a single individual.

“It was in no way a reflection of our practice, policies or guidelines, but an act of human error,” Kerr said.

She also stressed that the charity reported itself voluntarily to the ICO when it realised the breach had occurred, and has taken “appropriate action” against the staff member at fault.

“Most importantly,” she added, “ no harm was actually caused to any party involved in the breach, and this is the only incident of the kind at the charity during its 200 years of operation.”