Privacy campaigners say citizens’ private information is not safe with local government following 4,236 separate data breaches by authorities between 2011 and 2014.
Big Brother Watch’s report, A Breach of Trust, has called for stiffer penalties – including prosecution for the most serious offences – and better training to prevent future breaches from occurring.
“Despite local councils being trusted with increasing amounts of our personal data, this report highlights that they are simply not able to say it is safe with them,” said Emma Carr, director of Big Brother Watch. “A number of examples show shockingly lax attitudes to protecting confidential information. For so many children and young people to have had their personal information compromised is deeply disturbing.”
The report also reveals that 5,293 letters were sent to the wrong address or contained personal information not intended for the recipient. This figure is larger than the overall number of breaches because many councils report a breach involving several people as a single instance.
More worryingly is that information about children occurred in 658 of the breaches, most notably during a breach at Lewisham Council where a social worker left papers on a train including sensitive information about ten children. Details included names, addresses, dates of birth and information related to registered sex offenders, police reports and child protection reports.
Another instance at Aberdeenshire City Council saw the theft of an unencrypted laptop containing the details of 200 schoolchildren, although this was recovered.
One in ten breaches resulted in disciplinary action, which resulted in 39 resignations, 50 dismissals and one court case, but Big Brother Watch recommends that custodial sentences should be introduced for the most serious of offences and those who commit them should be given criminal records.
It also calls for mandatory data protection training and reporting of breaches that contain information about a member of the public as well as standardised reporting systems and procedures.
“With only a tiny fraction of staff being disciplined or dismissed, this raises the question of how seriously local councils take protecting the privacy of the public,” continued Carr. “Far more could be done to prevent and deter data breaches from occurring. Better training, reporting procedures and harsher penalties available for the most serious of data breaches, including criminal records and custodial sentences are all required. Until we see these policies implemented, the public will simply not be able to trust local councils with their data.”
TechWeekEurope has contacted the Information Commissioner’s Office (ICO), the body tasked with investigating and punishing such breaches, but had not received a response at the time of publication.
What do you know about ICO and its counterparts? Take our quiz!
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…
Executive hits out at the DoJ's “staggering proposal” to force Google to sell off its…
View Comments
Did your investigation discover the percentage of loss caused by the private sector outsourcing of council services? This is all a symptom of the pressures local govt are facing with dramatically reduced budgets. Granted, leaving documents on a train is inexcusable, but a sign that HR are not driving the human element - data protection is far too often perceived as an IT issue, when the largest failures are actually in HR, lax vetting etc.