Adoption charity Birthlink has been fined £18,000 by the Information Commissioner’s Office (ICO) after it destroyed thousands of personal records.
The regulator says that one in ten of the records may be “irreplaceable” and were “erased due to systematic data protection failures” by the Scottish charity.
This included handwritten letters from birth parents, photographs and copies of birth certificates.
“Our investigation found the charity had limited knowledge of data protection obligations and lacked cost effective and easy-to-implement policies and procedures, which would likely have prevented the destruction,” said the ICO.
Its investigation into the Scottish charity found that up to 4,800 personal records were destroyed.
The regulator has detailed that the charity destroyed records, related to people already being linked to those they were seeking, as space was running out in the filing cabinets where they were being stored.
It had been agreed that only replaceable items could be destroyed. But two years later, following an inspection by the Care Inspectorate, the charity’s trustees became aware that irreplaceable items had been destroyed. They then reported the incident to the ICO.
“This case highlights - perhaps more than most - that data protection is about people and how a data breach can have far-reaching ripple effects that continue to affect people’s lives long after it occurs,” said ICO head of investigations Sally Anne Poole.
“The destroyed records had the potential to be an unknown memory, an identity, a sense of belonging, answers – all deeply personal pieces in the jigsaw of a person’s history - some now lost for eternity.
“It is inconceivable to think, due to the very nature of its work, that Birthlink had such a poor understanding of both its data protection responsibilities and records management process.”
She added: “Whilst we acknowledge the important work charities do, they are not above the law and by issuing and publicising this proportionate fine we aim to promote compliance, remind all organisations of the requirement to take data protection seriously and ultimately deter them from making similar mistakes.
“We do however welcome the improvements the charity has subsequently put in place, not least by appointing a data protection officer to monitor compliance and raise awareness of data protection throughout the organisation.”
Birthlink has been contacted for comment.
.
Latest News
-
Falling income and rising demand forces 71-year-old charity to close
-
Regulator fines adoption charity that destroyed ‘irreplaceable personal records’
-
Eleanor Smith: It’s time to retire the myth of the perfect volunteer
-
Branch closures set to take place at Samaritans
-
Petition calls for charity staff to be included in key worker housing schemes
-
Four major charity funders link up to improve support for children
Charity Times video Q&A: In conversation with Hilda Hayo, CEO of Dementia UK
Charity Times editor, Lauren Weymouth, is joined by Dementia UK CEO, Hilda Hayo to discuss why the charity receives such high workplace satisfaction results, what a positive working culture looks like and the importance of lived experience among staff. The pair talk about challenges facing the charity, the impact felt by the pandemic and how it's striving to overcome obstacles and continue to be a highly impactful organisation for anybody affected by dementia.
Charity Times Awards 2023
Mitigating risk and reducing claims
The cost-of-living crisis is impacting charities in a number of ways, including the risks they take. Endsleigh Insurance’s* senior risk management consultant Scott Crichton joins Charity Times to discuss the ramifications of prioritising certain types of risk over others, the financial implications risk can have if not managed properly, and tips for charities to help manage those risks.
* Coming soon… Howden, the new name for Endsleigh.
* Coming soon… Howden, the new name for Endsleigh.
Better Society
© 2021 Perspective Publishing Privacy & Cookies
Recent Stories