Elderly Man Lacked Capacity to Make Final Will
The High Court recently upheld a claim that an elderly man’s final will was invalid on the grounds that he lacked testamentary capacity. The man and his wife had...
Continue readingA Scottish charity, Enable Scotland, has given an undertaking to take specific action to improve its compliance with the Data Protection Act 1998 (DPA) after two unencrypted memory sticks and papers containing the personal details of 101 people were stolen from the home of one of its employees. A laptop was also stolen, but this did not contain any personal data, was password protected and had software installed on it that allowed its usage to be tracked. No usage had been logged since it was stolen.
The data on the memory sticks included a limited amount of information relating to the health of the individuals concerned. Enable Scotland reported the incident to the Information Commissioner’s Office (ICO) and informed the people whose personal data had been lost.
The charity had in place a policy that information contained on memory sticks was to be deleted once it had been uploaded onto the charity’s server, but this had not been complied with. There was no policy in place covering working away from the office.
The ICO found that Enable Scotland had breached the seventh data protection principle, which is that an organisation must have appropriate security to prevent the personal data it holds being accidentally or deliberately compromised. The charity has therefore undertaken to ensure the following:
The ICO has guidance for charities on data handling. This includes a ‘TH!NK PRIVACY’ training toolkit to remind staff of their obligations in this respect as well as guidance on complying with data protection law when carrying out marketing activities.
Search site
Contact our office
Get in touch