Southwark Council left files abandoned for two years
A south-east London council which left more than 7,000 people's personal details in an empty building for more than two years has avoided a fine.
Southwark Council lost a computer and papers containing medical records and other details, the Information Commissioner's Office (ICO) said.
However the data breach happened before new powers were brought in allowing the ICO to fine organisations.
The council has agreed to an ICO audit to help improve its data handling.
A computer and papers were found in June by the new tenant of a building the council had vacated two years earlier.
The information included details of peoples' names and addresses, along with other information relating to their ethnic background, medical history and any past criminal convictions.
Sally Anne Poole, acting head of enforcement at the ICO, said: "The fact that thousands of residents' personal details went missing for over two years clearly shows that Southwark Council's policies for handling personal information are below standard."
An audit will be completed next year to help the council identify ways it can better comply with the Data Protection Act, she said.
A Southwark Council spokesman said: "As soon as this incident was reported to us, we instantly launched an internal investigation and worked closely with all other relevant authorities to ascertain exactly what had happened."
He added that a number of improvements had been put in place to improve the handling and storage of data.