ICO reprimands Clyde Valley Housing Association

Earlier this year, the ICO issued a reprimand against Clyde Valley Housing Association (the Association) for failing to keep its residents’ data secure.

The infringement occurred when the Association introduced a new customer portal. When residents logged in, they were able to see details of other residents, as well as their own details.

The Association was informed, but the call handler failed to escalate the issue. When further reports were made, these were escalated, and the Association proceeded to lock the accounts and suspend the portal.

The portal was tested prior to introduction, but the testing did not focus on data protection or the possibility of a data breach.

This reprimand raises two issues, the first being the importance of training all staff to identify data breaches when they arise by using relevant examples to help staff really understand and feel confident in identifying a breach and what they need to do once they have identified a breach.

The second relates to the introduction of new systems which hold personal data. Testing these systems in relation to their data protection capabilities and functionality is essential. You should not assume that systems will be set up to automatically to protect privacy in the way you want them to.

You can find the full reprimand here.

If you would like any help with staff training or considering the data protection implications of a new system which holds personal data, get in touch with your usual contact or by emailing hello@hellodpo.com



Don't just take our word for it