Data Breached During Children's Services Video Call

Jersey's Children's Services department has been found to have breached data protection laws for the second time in six months.

The Department for Children, Young People, Education and Skills has been issued with a formal reprimand by the island's Data Protection Authority.

The incidents relate to the use of online video conferencing for a child protection meeting - where sensitive personal information was disclosed to people who should not have been on that part of the call, and also to an email sent to someone it shouldn't have.

CYPES also failed to report itself to the Authority - which in itself constitutes a third breach.

The DPA previously issued a public statement in October when a Children's Services staff member included extremely sensitive information in a report unnecessarily and it was disclosed to a family member.

Jersey's laws prevent the authority from fining the government department, though it says it would have considered one if it could have.

The CYPES offices on the Highlands College campus

The island's Information Commissioner, Paul Vane, says laws are in place to protect personal information from being misused:

"This Inquiry highlights the importance of ensuring robust security measures are in place when processing personal information, especially when it is of a sensitive nature.

The rise of online conferencing platforms during the Covid-19 pandemic has led to organisations implementing new ways of carrying out their day-to-day work, but it is important for organisations to ensure that all their staff are fully trained in the use of such platforms, including the risks of use and what they can do to mitigate such risks.

It also highlights the impact a lack of basic awareness can have on the rights, freedoms and privacy of individuals and the distress that can occur when things go wrong.

In line with the ‘Data Security, Integrity and Confidentiality’ Principle of the Law, Data Controllers must ensure the appropriate measures are taken to protect people’s personal information and ensure staff remain vigilant and are appropriately trained."

Children's Services has increased staff training on data protection and changed its procedures for video conferencing and emailing sensitive information.