Channel Eye
2022-26-27 URN 10034 IQ Banner
  • Home
  • Business
    • Appointments
    • Data Protection
    • Digital & Technology
    • Environment
    • Features
    • Finance
    • Interviews & Profiles
    • Leadership
    • Legal
    • People
    • Property
    • Retail & Hospitality
    • Transport
    • Workplace Wellbeing
  • Lifestyle
    • Arts & Culture
    • Charity & Community
      • Macmillan
    • Food & Drink
    • Health & Wellbeing
    • Home
    • Music
    • Play
    • Travel
    • Wedding
  • Events
    • Events in Jersey
    • Events in Guernsey
    • Events in Isle of Man
    • Virtual events
    • Past events
  • Directory
  • Location
    • Jersey
    • Guernsey
    • Alderney
    • Isle of Man
  • About
  • Contact
No Result
View All Result
Channel Eye
No Result
View All Result
2022-26-27 URN 10034 IQ Banner
Home Business Data Protection

Children’s Services Department falls foul of data protection law again, but can not be fined

February 22, 2022
in Business, Data Protection, Jersey
Jacob Kohnstamm
Share on FacebookShare on TwitterShare on LinkedIn

Jersey’s Data Protection Authority (JDPA) has published the outcome of a formal inquiry into three contraventions of the Data Protection law by the Children’s Services Department.

The department is a function of the Children, Young People, Education and Skills Department of the Government of Jersey.

In this case, the Information Commissioner found that on two occasions the Department had failed to comply with the Law in that it failed to ensure that it had appropriate technical and organisational measures in place to maintain the security of the data it processes. These failures led to two separate personal data breaches. The Department also failed to notify the JDPA of those breaches within the required timeframe, which in itself constitutes a breach of the Law.

The breaches related to the Department’s use of an online conferencing platform to hold a child protection meeting during which sensitive personal information about an individual was disclosed to other call participants, who should not have been present for that part of the call.

Secondly, a disclosure made by a family member who was present on the call, was then disclosed by the Department to an unintended recipient via email.

The Department failed to report the first two breaches to the JDPA within the timescales required by the Law.

Notwithstanding this was the second Public Statement the JDPA has issued to the Department in the last six months, the JDPA considered the Department’s early admissions, open and direct liaison with the affected parties and complete cooperation by the Department’s staff with the JDPA as mitigating factors. It also recognised the Department took appropriate steps following the breaches, including:

  • Identifying areas for improvement such as bespoke data protection training for staff.
  • Making recommendations to implement a training programme for the use of new technology in its day-to-day processes.
  • New procedures for disclosing personal data on conference calls, updating processes for using online video conferencing software and a change of process around the sending sensitive information via email.

The JDPA also noted that following the incidents, staff were reminded of the importance of, when required, reporting any personal data breaches to the Jersey Office of the Information Commissioner and why it is imperative to do this within the required timeframe.

Had the JDPA not been prevented by Law from imposing a fine due to the Department being a Public Authority, a fine would have been considered

Accordingly, the JDPA issued a formal reprimand, made orders in respect of remedial steps to be taken by the Department, and determined that the circumstances of this case were of sufficient gravity that it was in the public interest to warrant a public statement. Had the JDPA not been prevented by Law from imposing a fine due to the Department being a public authority, the JDPA would have considered a fine in these circumstances.

Jersey Data Protection JDPA Chair, Jacob Kohnstamm (pictured), commented: “Special category personal information is afforded higher levels of protection under the Data Protection (Jersey) Law 2018, reflecting the harm and distress to individuals that can result from a breach.

“The JDPA is clear that where organisations do not take their legal responsibilities to protect such data seriously or where they are negligent as to their responsibilities, consideration will be given to the appropriate sanction (including the issuing of a fine, where permissible). All data controllers and processors have significant obligations in law and are accountable for the personal data they are entrusted with. This is particularly important when the organisation concerned is a public authority, as building the trust and confidence of the Jersey public in Government data handling activities is paramount.”

Information Commissioner Paul Vane commented: “The Law is there to protect individuals from the misuse of their personal information. This Inquiry highlights the importance of ensuring robust security measures are in place when processing personal information, especially when it is of a sensitive nature.

“The rise of online conferencing platforms during the Covid-19 pandemic has led to organisations implementing new ways of carrying out their day-to-day work, but it is important for organisations to ensure that all their staff are fully trained in the use of such platforms, including the risks of use and what they can do to mitigate such risks. It also highlights the impact a lack of basic awareness can have on the rights, freedoms and privacy of individuals and the distress that can occur when things go wrong.

“In line with the ‘Data Security, Integrity and Confidentiality’ Principle of the Law, Data Controllers must ensure the appropriate measures are taken to protect people’s personal information and ensure staff remain vigilant and are appropriately trained.”

Tags: Data protectionJersey Data Protection Authority (JDPA)
ShareTweetShare
Tim Bullock

Tim Bullock

Related Posts

Emma Martins
Data Protection

Are you transferring data legally?

June 22, 2022
Data Protection

Most personal data breaches occur via email according to latest statistics

May 19, 2022
Paul Vane
Data Protection

Jersey Information Commissioner publishes their annual report

May 17, 2022
Next Post
Co-op St Peter Jersey

Your opportunity to join the Channel Islands Co-op Board of Directors

NatWest
2022-26-27 URN 10032 IQ Skyscraper
2021-07-13 ChannelEye Get seen MPU

Subscribe to our newsletter

Get the latest, no-nonsense, essential news and information direct to your inbox.
  • Home
  • Business
  • Lifestyle
  • Events
  • Directory
  • Privacy Policy
  • About
  • Contact
  • Subscribe

© 2020 Channel Eye Limited

No Result
View All Result
  • Home
  • Business
    • Appointments
    • Data Protection
    • Digital & Technology
    • Environment
    • Features
    • Finance
    • Interviews & Profiles
    • Leadership
    • Legal
    • People
    • Property
    • Retail & Hospitality
    • Transport
    • Workplace Wellbeing
  • Lifestyle
    • Arts & Culture
    • Charity & Community
      • Macmillan
    • Food & Drink
    • Health & Wellbeing
    • Home
    • Music
    • Play
    • Travel
    • Wedding
  • Events
    • Events in Jersey
    • Events in Guernsey
    • Events in Isle of Man
    • Virtual events
    • Past events
  • Directory
  • Location
    • Jersey
    • Guernsey
    • Alderney
    • Isle of Man
  • About
  • Contact

© 2020 Channel Eye Limited

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.