大象传媒

Jersey children's services inquiry into online data breaches

Jersey States
Image caption,

Following an inquiry, Jersey's States said it had taken steps to make improvements

At a glance

  • Jersey's children's services was found to have failed to meet its responsibilities for the second time in six months

  • The breaches related to personal information being disclosed to people who it should not have been shared with

  • The States said it had held a full inquiry and taken steps to make improvements

  • Published

Jersey's children's services department failed to meet responsibilities for protecting data twice in six months, the data protection authority has found.

The information commissioner said the department shared sensitive information with people it should not have on both occasions.聽

A States spokesperson said there had been a full inquiry into what had happened and the service had taken immediate steps to make improvements.

The breaches related to the department鈥檚 use of an online conferencing platform to hold a child protection meeting.

During the meeting, sensitive personal information about an individual was disclosed to other call participants, who should not have been present for that part of the call.

A second breach was made when a disclosure made by a family member, who was present on the call, was then disclosed by the department to an unintended recipient via email.

The data protection authority said the department failed to report the breaches within the legally required timescale.

Jersey data protection authority chairman Jacob Kohnstamm said that where organisations did not take their legal responsibilities to protect such data seriously, or were "negligent", consideration "will be given to the appropriate sanction".