Jersey children's services inquiry into online data breaches
At a glance
Jersey's children's services was found to have failed to meet its responsibilities for the second time in six months
The breaches related to personal information being disclosed to people who it should not have been shared with
The States said it had held a full inquiry and taken steps to make improvements
- Published
Jersey's children's services department failed to meet responsibilities for protecting data twice in six months, the data protection authority has found.
The information commissioner said the department shared sensitive information with people it should not have on both occasions.
A States spokesperson said there had been a full inquiry into what had happened and the service had taken immediate steps to make improvements.
The breaches related to the department’s use of an online conferencing platform to hold a child protection meeting.
During the meeting, sensitive personal information about an individual was disclosed to other call participants, who should not have been present for that part of the call.
A second breach was made when a disclosure made by a family member, who was present on the call, was then disclosed by the department to an unintended recipient via email.
The data protection authority said the department failed to report the breaches within the legally required timescale.
Jersey data protection authority chairman Jacob Kohnstamm said that where organisations did not take their legal responsibilities to protect such data seriously, or were "negligent", consideration "will be given to the appropriate sanction".