CIPR agrees to review data protection policy after membership form loss

The CIPR has been called on by the Information Commissioners Office to review its data protection policy, following the accidental loss of 30 membership forms last year.

CIPR CEO: Jane Wilson reviews data protection
CIPR CEO: Jane Wilson reviews data protection
Last May, PRWeek reported that personal information from 30 membership applications was 'misplaced on public transport'.

Following this incident, the CIPR has signed an undertaking with the ICO to develop a policy for handling personal data outside the office, which it did not previously have.

The CIPR has signed an undertaking to review its data protection policy and make sure that it is communicated to staff by the end of February.

The undertaking reads: ‘The Commissioner has also considered the fact that some of the data stolen in this incident consisted of information as to the ethnic origin of the data subjects and/or their physical or mental health or condition.’

CIPR CEO Jane Wilson said: ‘At the time of the highly regrettable loss of membership application forms in May 2011, the CIPR took swift action to find and compensate people whose identity or personal data could have been compromised. We followed up with a thorough, independent investigation and cooperated fully with the Information Commissioner’s Office.

‘We have reviewed our data handling policies and our staff training and the ICO have confirmed to us in writing that the actions we have taken were correct in the circumstances. We are very grateful for the understanding and cooperation we received from those who were affected by the loss and would like to reassure our members that steps have been taken to ensure this is highly unlikely to happen again.’


Have you registered with us yet?

Register now to enjoy more articles and free email bulletins

Register
Already registered?
Sign in