Scottish Borders Council fined £250,000 for records breach
A local authority has been fined £250,000 after former employee pension records were found in a paper recycle bank in a supermarket car park.
The penalty has been imposed on Scottish Borders Council by the Information Commissioner's Office.
Many of the files contained salary and bank account details. They were spotted, last year, by a member of the public who called police.
The council said it was disappointing to receive such a high fine.
A total of 676 files relating to SBC's Local Government Pension Scheme were recovered from the recycling bank in September 2011.
The council checked them against records and then securely destroyed them.
A further 172 files had been processed at another bank but the council said this would have been carried out mechanically.Identity fraud
The Information Commissioner said the council had employed an outside company to digitise the records, but failed to seek appropriate guarantees on how the personal data would be kept secure.
Ken Macdonald, assistant commissioner for Scotland, said: "This is a classic case of an organisation taking its eye off the ball when it came to outsourcing.
End Quote Tracey Logan Scottish Borders Council
This additional expenditure is obviously unhelpful at a time when public funding is already stretched”
"It is only good fortune that these records were found by someone sensible enough to call the police. It is easy to imagine other circumstances where this information could have exposed people to identity fraud and possible financial loss through no fault of their own.
"If one positive can come out of this, it is that other organisations realise the importance of properly managing third parties who process personal data."
Scottish Borders Council said measures had already been put in place to ensure there was no repeat of the incident.
Chief Executive, Tracey Logan, said: "It is very disappointing to receive such a high monetary penalty from the ICO especially in the current economic climate.
"We do acknowledge the seriousness of this breach and have already taken steps to ensure data protection continues to be a priority across the council.
"We are fully committed to the complying with the terms set out in the ICO's undertaking.
She said all contracts with suppliers were now established and monitored by specialist procurement staff and the council would continue to train, support and raise awareness on the importance of data protection.
She added: "This additional expenditure is obviously unhelpful at a time when public funding is already stretched.
"We do have robust financial monitoring processes in place across the council however, and have always ensured we have the funds available to cover such unforeseen costs within our reserves."