Birmingham Council-owned children’s services unit reprimanded for ‘criminal allegations’ data breach – PublicTechnology

Birmingham Children’s Trust has been formally instructed to improve its data protection policies after sharing ‘personal information and criminal allegations relating to a child’ with the wrong family

Birmingham City Council’s independent children’s services unit has been reprimanded by regulators for a data protection breach.

The incident, which is alleged to have taken place in November 2022, saw “a child’s personal information… improperly disclosed to another family” by the council-owned Birmingham Children’s Trust Community Interest Company.

According to the Information Commissioner’s Office, the information in question – which was wrongly shared when the trust “worked with two neighboring families” – included details of “personal information and criminal charges relating to a child in the neighboring family”. This was wrongly included in the communication sent to a family “after being copied from the minutes of the meeting”.

Following an investigation into the breach, the ICO concluded that the trust did not have the necessary policies in place to ensure that such sensitive information was adequately protected.

Similar Content

The reprimand issued by the regulator requires the children’s services body to “implement a more granular approach to data protection and create a Standard Operating Procedure in relation to the production of welfare documents”. This procedure is supposed to ensure that all welfare documents – or ‘products’ – are ‘independently verified by someone other than the author prior to disclosure’ externally. The trust has also been instructed to “create and implement a corporate drafting policy that ensures staff have the knowledge and tools to draft product if necessary”.

Sally-Anne Poole, Head of Investigations at the ICO, said: “Children’s personal information requires extra protection and should be treated with great care. This disclosure of personal information by social workers at Birmingham Children’s Trust Community Interest Company was a breach of confidentiality which would have caused distress to both the child and their family. We expect all organizations that process personal information to ensure they have robust policies and procedures in place to protect it. We will take action when personal information, particularly that of children and young people, is compromised.”

The trust was created after it was effectively separated from the council in 2018. Although it remains owned by the local authority, the trust operates independently and at arm’s length from the authority.

A spokesman for Birmingham Children’s Trust said: “We have carefully considered the ICO’s recommendations and have taken action to prevent such an event from happening again. We continue to monitor this area of ​​activity and are also working on wider procedural changes to further help protect the personal data we work with.”