Independent fostering and adoption agencies do not always protect sensitive information with computer encryption, a new a new report. suggests.
Such agencies usually hold large amounts of sensitive information about vulnerable children in the care system and need to share this data with other organisations, principally local authorities.
The Information Commissioners Office (ICO) visited ten independent agencies around the country, identifying a number of issues, including a reluctance to use encryption when transferring data via email. According to “Findings from ICO advisory visits to independent fostering and adoption agencies”:
“It was reported that local authorities are often reluctant to accept encrypted information via email as their IT security systems block the messages and it can be time consuming and difficult to liaise with their IT team to unblock them.”
The report continued:
“In addition, it was suggested that local authorities may not wish to deal with a multitude of encryption programs being used by different agencies. Foster agencies in particular often send this information without encryption because they feel that if they do not provide a quick means for local authorities to access their foster carer’s information, a local authority will simply use another fostering service.”
The report also highlights a failure on the part of some to encrypt sensitive information on laptops and memory sticks, as well as a lack of appropriate training for staff and guidance for carers.
However, the ICO also concluded that most agencies did have robust systems in place for ensuring that only appropriate staff can access sensitive data.
John-Pierre Lamb is an ICO Group Manager in the Good Practice team. He said:
“The work fostering and adoption agencies carry out is vital to helping some of the most vulnerable young people in society. Keeping their sensitive personal information secure must be recognised as an important part of this process and agencies must have the necessary safeguards in place to keep this information safe whether it’s in the office, at home or on the road.”
“The worst breaches of the Data Protection Act can lead to a monetary penalty of up to £500,000, but when you consider the sensitivity of the information this sector is responsible for, the human cost could be far more significant.”
The ICO is now working on data protection guidance and related issues with national organisations Nationwide Association of Fostering Providers , the British Association for Adoption and Fostering and The Fostering Network .