Newcastle City Council Data Breach Exposes Details Of Adopted Children

Newcastle City Council is under investigation by the Information Commissioner’s Office (ICO) for a data breach that saw details about adopted children and their parents sent out in an email by mistake.

Names, addresses and birth dates of 2,743 adopted children, alongside details of parents, social workers and former adoptees, were included in a spreadsheet attached to the city’s annual adoption summer party. As many as 77 people received the attachment.

The council has said the mistake was caused by human error and that it has taken steps to mitigate the leak, contact all those involved, and to ensure it doesn’t happen again. A helpline has been set up for those who think they may have been affected, while staff training has been involved.

Newcastle data breach

“I am truly sorry for the distress caused to all those affected,” said Newcastle City Council’s director of people, Ewen Weir. “We will work closely with the affected families and individuals to support them at this trying time. The council takes data protection and confidentiality very seriously and has acted swiftly to understand what happened and who has been affected.

“This breach appears to have been caused by human error and a failure to follow established procedures. We are conducting a thorough review of our processes to identify what changes we can make to ensure that this never happens again.”

The ICO confirmed to the BBC it was investigating the incident.

“On 15 June 2017, an employee in the council’s adoption team accidentally attached an internal spreadsheet to emails inviting adoptive parents to the council’s annual adoption summer party,” the ICO is quoted as saying.

“The email and attachment were sent to 77 people. This attachment contained personal details relating to 2,743 individuals, comprising current and former adoptees, parents and social workers who had been involved with these families.

“The spreadsheet included personal information such as names, addresses and the birthdates of the adopted children.”

Only last month, the ICO fined Basildon Council £150,000 for publishing the personal information of a family online.

Quiz: Are you a privacy expert?