Share

ICO finds ‘unacceptable’ failings in data protection procedures at the Alzheimer’s Society

ICO finds ‘unacceptable’ failings in data protection procedures at the Alzheimer’s Society
News

ICO finds ‘unacceptable’ failings in data protection procedures at the Alzheimer’s Society

IT | Kirsty Weakley | 7 Jan 2016

The Information Commissioner has criticised the Alzheimer’s Society for allowing volunteers to use personal email addresses when handling sensitive information, and issued the charity with an enforcement notice.

After investigating the charity the ICO found that volunteers were using personal email addresses to receive and share information about people who use the charity, storing unencrypted data on their home computers and failing to keep paper records locked away. They had also not received data protection training.

Stephen Eckersley, head of enforcement at ICO, said: “In failing to ensure volunteers were properly supported, this charity showed a disappointing attitude towards looking after the very sensitive information that people trusted them with.

“Volunteers form the cornerstone of many charities’ work and we all admire and appreciate their personal commitment and goodwill. They play an important role and must be given the support to handle personal data as safely as paid members of staff. Anything less is unacceptable and, considering the vulnerability of the people who use the Society’s services, we have acted.”

The failings are connected to a group of 15 volunteers who were recruited in 2001 to help dementia sufferers and their families access NHS funding, and part of their role included drafting reports that contained sensitive information about individuals’ treatment. Over a seven-year period they collectively handled 1,920 cases.

Eckersley added: “Our investigation revealed serious deficiencies in the way the Alzheimer’s Society handles personal information. Some of these have been addressed, but the extent and persistence of the charity’s failure to do as we’ve asked means we must now take more formal action.”

The ICO first issued the charity with an undertaking in 2010 following a security breach. It then carried out an audit in 2013 and made further recommendations. A follow-up audit in March 2014 found that the charity had not implemented a recommendation.

Further investigation was carried out after a second security breach in April 2015. It found that the charity breached two data protection principles in keeping data longer than needed and failing to take “appropriate technical and organisational measures”, the enforcement notice said.

The charity's website was also hacked in 2015, putting at risk 300,000 email addresses, 66,000 home addresses, phone numbers and some birth dates. 

The Alzheimer’s Society has been ordered to take steps to address the issues within six months. This includes providing volunteers with secure email accounts.

If the charity does not comply with the enforcement notice it could face prosecution. It has a right to appeal the notice at a tribunal.

Alzheimer's Society issued a statement apologising for the lapses and confirming it had taken steps to address the issues.

Brett Terry, director of people and organisational development and senior information risk owner, said: “We are very sorry that data breaches have occurred. We have taken a number of steps to build on and improve our technology systems and processes to ensure that we meet and exceed both ICO guidance and industry standards.

“As an organisation, we exist to support the most vulnerable in society. We take this responsibility, which includes data protection, extremely seriously. We want to reassure our supporters and wider stakeholders that every measure is being taken to ensure their data is kept safe.

“We would like to stress that, after comprehensive checks, to the best of our knowledge no personal data has been compromised.” 
 

Comments

[Cancel] | Reply to:

Close »

Community Standards

The civilsociety.co.uk community and comments board is intended as a platform for informed and civilised debate.

We hope to encourage a broad range of views, however, there are standards that we expect commentators to uphold. We reserve the right to delete or amend any comments that do not adhere to these standards.

We welcome:

  • Robust but respectful debate
  • Strongly held opinions
  • Intelligent relevant discussion
  • The sharing of relevant experiences
  • New participants

We will not publish:

  • Rude, threatening, offensive, obscene or abusive language, or links to such material
  • Links to commercial organisations or spam postings. The comments board is not an advertising platform
  • The posting of contact details for yourself or others
  • Comments intended for malicious purpose or mindless abuse
  • Comments purporting to be from another person or organisation under false pretences
  • Gratuitous criticism, commentary or self-promotion
  • Any material which breaches copyright or privacy laws, or could be considered libellous
  • The use of the comments board for the pursuit or extension of personal disputes

Be aware:

  • Views expressed on the comments board are left at users’ discretion and are in no way views held or supported by Civil Society Media
  • Comments left by others may not be accurate, do not rely on them as fact
  • You may be misunderstood - sarcasm and humour can easily be taken out of context, try to be clear

Please:

  • Enjoy the opportunity to express your opinion and respect the right of others to express theirs
  • Confine your remarks to issues rather than personalities

Together we can keep our community a polite, respectful and intelligent platform for discussion.

Tags

Canal and River Trust sees hundredfold growth in volunteering hours

27 Jul 2016

The Canal and River Trust has seen volunteering rise almost a hundredfold since the start of the decade,...

Oxfam International to move headquarters to Nairobi

26 Jul 2016

Oxfam International has announced that it will move the Oxfam International Secretariat from Oxford, where...

JustGiving pays £1.6m reclaimed gift aid to thousands of charities after updated HMRC guidance

25 Jul 2016

Charities that lost out on gift aid payments because donations on JustGiving included messages of support...

Remember a Charity announces date for this year's awareness week

29 Jul 2016

Remember a Charity has unveiled its plans for this year’s legacy awareness week which will be held between...

FRSB finds that both the RSPCA and Battersea Dogs and Cats Home breached code in work with FIL

28 Jul 2016

The Fundraising Standards Board has found that the RSPCA and Battersea Dogs and Cats Home breached a number...

Deadline for completion of proposed PFRA and IoF merger delayed

27 Jul 2016

The Public Fundraising Association has delayed the deadline for the completion of its proposed merger...

Charity Commission to publish guidance on taking legal action

29 Jul 2016

The Charity Commission will soon publish new guidance for trustees about when to take or defend legal...

Foundations back inquiry into the future of civil society

29 Jul 2016

A group of charitable funders including the Baring Foundation, Barrow Cadbury Trust  and Lankelly...

Charitable funds used to buy night vision equipment for convicted terrorist

28 Jul 2016

The Charity Commission has removed a convicted terrorist as a trustee and transferred money he raised...