More care needed after website leaves 7,500 CVs on public view
19 July 2013
A job site for care workers has been taken to task by the Information Commissioner’s Office (ICO) for leaving the details of 7,435 CVs stored unprotected on the site.
Fri, 19 Jul 2013A job site for care home and domiciliary care workers has been taken to task by the Information Commissioner’s Office (ICO) for leaving the details of 7,435 CVs stored unprotected on the site.
According to an undertaking published by the ICO, Janet Thomas, data controller for the site www.janetpage.com, “failed to ensure appropriate technical security measures were in place to provide an adequate level of protection”. The undertaking says the CVs “were freely accessible and available to download by any member of the public”.
The undertaking reported that Thomas was not aware of the breach until a complaint from a jobseeker who had posted a CV on the site.
The ICO investigation further revealed that the data controller did not have adequate data protection training, and that its information security policy and procedures were lacking.
“At the time of the incident, the data controller believed that the section of the website, in which the CVs were stored, had been hacked by an individual seeking work. However, the data controller has been able to provide any technical evidence to support this assumption,” the undertaking said.
The ICO agreed to not serve an enforcement notice for the 2012 incident in consideration of remedial action since taken by the Doncaster-based Thomas.
The undertaking, signed by Thomas, agrees to stronger data protection measures and regular training for all staff on data protection measures.
According to an undertaking published by the ICO, Janet Thomas, data controller for the site www.janetpage.com, “failed to ensure appropriate technical security measures were in place to provide an adequate level of protection”. The undertaking says the CVs “were freely accessible and available to download by any member of the public”.
The undertaking reported that Thomas was not aware of the breach until a complaint from a jobseeker who had posted a CV on the site.
The ICO investigation further revealed that the data controller did not have adequate data protection training, and that its information security policy and procedures were lacking.
“At the time of the incident, the data controller believed that the section of the website, in which the CVs were stored, had been hacked by an individual seeking work. However, the data controller has been able to provide any technical evidence to support this assumption,” the undertaking said.
The ICO agreed to not serve an enforcement notice for the 2012 incident in consideration of remedial action since taken by the Doncaster-based Thomas.
The undertaking, signed by Thomas, agrees to stronger data protection measures and regular training for all staff on data protection measures.
- Click for more social care recruitment news and views from recruiter.co.uk
