Privacy settings

LGO logogram

Review your privacy settings

Required cookies

These cookies enable the website to function properly. You can only disable these by changing your browser preferences, but this will affect how the website performs.

View required cookies

Analytical cookies

Google Analytics cookies help us improve the performance of the website by understanding how visitors use the site.
We recommend you set these 'ON'.

View analytical cookies

In using Google Analytics, we do not collect or store personal information that could identify you (for example your name or address). We do not allow Google to use or share our analytics data. Google has developed a tool to help you opt out of Google Analytics cookies.

Portsmouth City Council (18 008 620)

Category : Children's care services > Other

Decision : Closed after initial enquiries

Decision date : 20 Mar 2019

The Ombudsman's final decision:

Summary: Mr X complains on behalf of his son, Mr F, that the Council breached data protection regulations by sending Mr F’s daughter’s Child in Need plan to the wrong family member. He says this caused Mr F injustice because it breached his personal data. Mr X also complains that the Council handled his complaint about the data breach poorly, and that he has spent time and trouble dealing with this. The Ombudsman will not investigate Mr X’s complaint. This is because Mr X has already complained to the Information Commissioner’s Office, which is better placed to deal with complaints of this nature. It is not a good use of public money to investigate complaint handling where we do not investigate the main issue complained about.

The complaint

  1. The complainant, who I refer to here as Mr X, complains on behalf of his son, Mr F. Mr X says that:
      1. the Council breached data protection regulations by sending Mr F’s daughter’s Child in Need plan to a different family member (not a parent);
      2. the Council failed to meet its legal obligations because it did not report the breach to the Information Commissioner’s Office (ICO), then filed an inaccurate report to the ICO, and refused to correct it;
      3. the Council failed to recognise Mr F as a victim, did not contact him to notify him of the breach, and did not apologise to him;
      4. the Council’s actions show a systematic cover-up of the failure which has been ‘rubber-stamped’ by the Chief Executive; and,
      5. the Council handled the complaint poorly.
  2. Mr X says this has caused Mr F injustice because the Council breached Mr F’s personal data. Mr X says he has spent time and trouble dealing with this, and it caused frustration having to repeatedly contact the Council for an outcome.

Back to top

The Ombudsman’s role and powers

  1. We investigate complaints about ‘maladministration’ and ‘service failure’. In this statement, I have used the word ‘fault’ to refer to these. We must also consider whether any fault has had an adverse impact on the person making the complaint. I refer to this as ‘injustice’. We provide a free service, but must use public money carefully. We may decide not to start or continue with an investigation if we believe there is another body better placed to consider this complaint. (Local Government Act 1974, section 24A(6), as amended)
  2. We normally expect someone to refer the matter to the Information Commissioner if they have a complaint about data protection. However, we may decide to investigate if we think there are good reasons. (Local Government Act 1974, section 24A(6), as amended)
  3. We may investigate complaints made on behalf of someone else if they have given their consent. (Local Government Act 1974, section 26A(1), as amended)

Back to top

How I considered this complaint

  1. Mr F gave written consent for Mr X to represent the complaint on Mr F’s behalf.
  2. I considered the information and documents provided by Mr X and the Council. I have also considered the Information Commissioner’s Office’s response to the Council about the data breach.
  3. Mr X and the Council had an opportunity to comment on an earlier draft of this statement. I considered all comments before I reached a final decision.

Back to top

What I found

  1. Mr F’s daughter, Z, was made subject to a Child in Need plan. In February 2018, the Council sent a copy of Z’s Child in Need plan to her cousin, C (also a child). C’s mother, Ms B, opened the envelope and saw the Child in Need plan.
  2. The next day, family members called Z’s social worker and reported the data breach.
  3. In April, Mr X complained to the Council. This went through the Council’s three stage complaints procedure. The Council upheld his complaint. Mr X told the Council he had made a formal complaint to the Information Commissioner’s Office.
  4. In September, the Information Commissioner’s Office (ICO) sent the Council its response to the data breach. The ICO said there was no further action necessary. It was satisfied with the Council’s actions at the time and since the breach. The ICO said it considered the matter closed.
  5. In November, Mr X contacted the ICO about his ongoing complaint.


  1. I will not investigate parts a, b, c and d of Mr X’s complaint, about the Council’s handling of the data breach. This is because it has already been considered by the appropriate body, the ICO. The ICO’s role is to not only look at why a data breach happened but also how a council handled it and about councils’ policies about data breaches.
  2. The ICO has already dealt with the data breach from the Council’s side. Mr X has complained to the ICO about this matter, and his complaint with the ICO is ongoing.
  3. I will not investigate part e of Mr X’s complaint, about complaint handling. It is not a good use of public resources to investigate complaints about complaint procedures if we are unable to deal with the substantive issue.

Back to top

Final decision

  1. I have closed this investigation for the reasons given above (paragraphs 14 to 16).

Back to top

Investigator's decision on behalf of the Ombudsman

Print this page