Local Councils Cannot ‘Guarantee’ Your Personal Data Is Safe

data protection, GDPR

Report from privacy campaigners at Big Brother Watch show there were 4,236 data breach incidents between 2011 and 2014 in local government

Privacy campaigners say citizens’ private information is not safe with local government following 4,236 separate data breaches by authorities between 2011 and 2014.

Big Brother Watch’s report, A Breach of Trust, has called for stiffer penalties – including prosecution for the most serious offences – and better training to prevent future breaches from occurring.

“Despite local councils being trusted with increasing amounts of our personal data, this report highlights that they are simply not able to say it is safe with them,” said Emma Carr, director of Big Brother Watch. “A number of examples show shockingly lax attitudes to protecting confidential information. For so many children and young people to have had their personal information compromised is deeply disturbing.”

Worrying trend

data security breachFreedom of Information requests show that during a three year period, local councils reported 401 instances of data loss or theft, 628 instances of incorrect or inappropriate data being shared on letters, emails and faxes and 197 mobile phones, PCs, tablets and USB sticks being lost or stolen – an astonishing 75 percent of which occurred in Glasgow.

The report also reveals that 5,293 letters were sent to the wrong address or contained personal information not intended for the recipient. This figure is larger than the overall number of breaches because many councils report a breach involving several people as a single instance.

More worryingly is that information about children occurred in 658 of the breaches, most notably during a breach at Lewisham Council where a social worker left papers on a train including sensitive information about ten children. Details included names, addresses, dates of birth and information related to registered sex offenders, police reports and child protection reports.

Tougher punishments

Another instance at Aberdeenshire City Council saw the theft of an unencrypted laptop containing the details of 200 schoolchildren, although this was recovered.

One in ten breaches resulted in disciplinary action, which resulted in 39 resignations, 50 dismissals and one court case, but Big Brother Watch recommends that custodial sentences should be introduced for the most serious of offences and those who commit them should be given criminal records.

It also calls for mandatory data protection training and reporting of breaches that contain information about a member of the public as well as standardised reporting systems and procedures.

“With only a tiny fraction of staff being disciplined or dismissed, this raises the question of how seriously local councils take protecting the privacy of the public,” continued Carr. “Far more could be done to prevent and deter data breaches from occurring. Better training, reporting procedures and harsher penalties available for the most serious of data breaches, including criminal records and custodial sentences are all required.  Until we see these policies implemented, the public will simply not be able to trust local councils with their data.”

TechWeekEurope has contacted the Information Commissioner’s Office (ICO), the body tasked with investigating and punishing such breaches, but had not received a response at the time of publication.

 What do you know about ICO and its counterparts? Take our quiz!