An investigation by the Jersey Data Protection Authority that began early last year found that a member of staff at Children’s Services had disclosed the complainant’s ‘extremely sensitive special category information’ in relation to a child and family assessment. The JEP understands that the information related to sexual abuse that the Islander had suffered as a child.
The JDPA said the breach – contained within a written report known as a Child and Family Assessment – had been further compounded as it had been passed to a family member who had been unaware of the information contained within the document.
It was ruled that the complainant had nothing to do with the assessment and the information was of ‘no relevance at all’.
JDPA chairman Jacob Kohnstamm said: ‘The JDPA has determined that, on balance, the circumstances of this case were grave enough to warrant a public statement and, had the JDPA not been prevented by law from imposing a fine due to the controller being a public authority, the JDPA would have considered a fine in these circumstances.’
Information commissioner Paul Vane said: ‘All data controllers and processors have significant obligations in law to be accountable and to provide appropriate security for the personal data they are entrusted with.’
He added: ‘This is particularly important when the organisation concerned is a public authority working with, and for, children and their families, and dealing with the most sensitive forms of information, as building the trust and confidence of the Jersey public in government data-handling activities is paramount.’
