Temporary workers still require adequate data protection training, warns ICO

The Information Commissioner’s Office (ICO) is warning employers about the importance of making sure temporary staff – who regularly handle personal information – receive adequate data protection training.

The problem has been highlighted following four data breaches at the Great Ormond Street Hospital for Children NHS Foundation Trust. Letters including treatment information had been sent to the wrong addresses.

The ICO’s investigation found that some of the incidents related to the work of temporary staff that had not received adequate data protection training, despite their role routinely involving the handling of personal information. The trust also had no measures to check whether letters were being addressed to the correct recipient before sending.

ICO Enforcement Group Manager, Sally Anne Poole, said:

“This time of year often coincides with a rise in the number of temporary workers being employed across the UK. However the temporary nature of their employment doesn’t absolve employers of their legal responsibilities for making sure people’s information is being looked after correctly.

“If organisations are employing temporary or agency workers into positions that involve the handling and sending out of personal information then they must make sure these staff have received adequate data protection training. Great Ormond Street Hospital for Children NHS Foundation Trust failed to do this and have now been required to sign an undertaking with our office to improve their practices.”

The need for adequate training applies to all employees and the incident recorded here is not unusual. You could have a catalogue of policies and procedures in place but they are only as effective as the people who use them, and this means they need to understand them.

For more information on our Training Services please call us on 07793 600650.

Reference: ICO News release: 21 November 2013
http://ico.org.uk/news/latest_news/2013/Temporary-workers-still-require-adequate-data-protection-training