‘Thousands’ Of Data Breaches At Councils
In some cases council staff were found to have accessed material “for personal interest”. “This should include a duty to inform people when their personal information may have been involved in a breach”.
Dan Nesbitt from Big Brother Watch told the BBC councils should do more to stop it happening: “We’ve outlined a number of part recommendations in this report and these range from the very high level like interviews and custodial sentences for the very worst offences where large amounts of data has been lost or stolen, to more low level, simple techniques and that’s making sure that everyone who handles data in councils is properly trained”.
The report also reveals that 5,293 letters were sent to the wrong address or contained personal information not intended for the recipient.
Despite the breaches, no one has resigned or been convicted.
In the three years covered by the report (PDF), more than 400 devices, including 180 mobile phones, computers, tablets and USBs, were lost or stolen.
Meanwhile, three breaches were identified in Fife over the three-year period examined, one of which resulted in a staff suspension, although no further information was given on the nature of those cases.
Another saw a CCTV operator in Cheshire use cameras to watch a colleague’s wedding.
The “shockingly lax attitudes” that local authorities show towards protecting private records are exposed in a study by the civil liberties group Big Brother Watch.
Big Brother Watch’s report, A Breach of Trust, has called for stiffer penalties – including prosecution for the most serious offences – and better training to prevent future breaches from occurring.
Despite the worrying stats, no disciplinary action was taken after a breach in 68% of cases, with only 50 local council employees losing their jobs as a result and 39% resigning – just 2.1% of the total.
Disciplinary action was taken on seven occasions including for a member of staff accessing information for personal gain.
In Portsmouth a member of staff was sacked for passing “highly sensitive confidential” information to a third party.
The data breach at Aberdeenshire Council was one of 36 at North-east councils between 2011 and 2014.
A spokesperson for Perth and Kinross Council said: “The council recognises the importance of information security and our employees have received clear guidance on how to protect personal data appropriately”.
In the case of the worker’s salary, which was revealed through a Freedom of Information request, the error was put down to an oversight as the document was edited in preparation for its publication.
Julie Grant, Doncaster Council’s assistant director of Customer Services and ICT, said: “Doncaster Council takes its obligations under the Data Protection Act extremely seriously and records every single incident no matter how minor to ensure personal data is as secure as possible at all times”.