Bristol City Council Data Breach Revealed Names Of Disabled Children

Bristol City Council has suffered a damaging data breach and the Information Commissioner’s Office (ICO) has been informed.

Earlier this week, the council sent out a mass email to hundreds of people, as part of a consultation asking for people to take part in a survey about a new support service.

The only problem was the names and email addresses of hundreds of children who are either disabled or have special educational needs, was visible to all recipients.

Mass email

The email has been seen by the BBC, which reported that the email had been sent by the disabled children and specialist services department of the council on Monday morning, 23 November.

A parent, who wished to remain anonymous, and who received one of the emails, told the BBC it was “a fundamental breach of trust and data.”

“It really signifies the disdain that they have for families with disabled children,” the parent reportedly said. “It’s such a lack of concern for us. I feel this really exemplifies their indifference to the plight of disabled children in Bristol.”

According to the parent, there were 487 names of children and their carers visible on the email she received, and those names were all between “H and L” alphabetically, “so there will be a lot more.”

“Ironically, it’s about a survey that they want us to fill in to tell them how they can improve their services,” she reportedly said. “It’s very difficult to put into words how ridiculous and unnecessary it is.”

And it seems that council has realised the mistake, which could potential involve a hefty fine from the ICO.

“We are aware a breach of the General Data Protection Regulation (GDPR) has occurred and we have been in contact with those affected and have apologised,” a Bristol City Council spokesman told the BCC.

“This case has been referred to the Information Commissioner’s Office (ICO) and we will comply fully with their protocol,” he added. “Following a personal data breach an investigation is carried out into the causes.”

The problem stems from the fact that the email’s recipient list was not hidden on the mass email.

The council has reportedly apologised to parents and asked everyone who received the email to delete it.

Council fines

The ICO has a record of handing out stiff penalties to councils for data breaches over the past decade.

In 2011 the ICO imposed a penalty of £120,000 on Surrey County Council for disclosing individuals’ personal data on three separate occasions.

Also in 2011 Ealing and Hounslow Councils lost laptops that contained sensitive personal data. The ICO fined Ealing Council with a £80,000 fine, whereas Hounslow Council was fined £70,000.

In 2012 Stoke-on-Trent City Council was ordered by the ICO to cough up £120,000 after a “serious breach” that saw sensitive information on a child protection legal case, being emailed to the wrong person back in December 2011.

That same year the ICO also fined Cheshire East Council £80,000 for failing to have adequate security measures in place when emailing personal information.

Also in 2012 the ICO fined Telford and Wrekin Council with a £90,000 fine, for two data breaches, involving staff working in Safeguarding Services disclosing sensitive information of vulnerable children.

Then in 2013 the ICO fined the North East Lincolnshire Council £80,000, after a teacher in 2011 lost a memory stick with information about hundreds of children with special educational needs.

In 2017 the ICO fined Basildon Council £150,000 for publishing the personal information of a family online.

Also in 2017 the ICO fined Gloucester City Council £100,000 for leaving sensitive personal information open to attack.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Cryptocurrency Warning From Bank Of England Governor

Blunt message from Bank of England governor Andrew Bailey, warning people only to buy cryptocurrency…

2 days ago

Jeff Bezos Offloads $2 Billion In Amazon Shares

Needs some spending money...Amazon CEO Jeff Bezos has this week sold nearly $2 billion worth…

2 days ago

Twitter Suspends Account Sharing Trump Posts

Shutdown again. An account has been suspended by Twitter for sharing the posts from Donald…

2 days ago

IBM Claims Breakthrough With 2 Nanometer Chip

Research boffins at IBM are touting a major leap forward in performance and energy efficiency…

3 days ago

Twitter Now Prompts Users To Revise ‘Harmful Replies’

Trolls beware. Twitter releases feature that will deliver a 'reconsider prompt' for users, if they…

3 days ago

Old Routers Pose Security Risk, Warns Which?

Elderly routers that can no longer receive firmware updates posed security risk to millions of…

3 days ago