Local Councils Cannot ‘Guarantee’ Your Personal Data Is Safe

Privacy campaigners say citizens’ private information is not safe with local government following 4,236 separate data breaches by authorities between 2011 and 2014.

Big Brother Watch’s report, A Breach of Trust, has called for stiffer penalties – including prosecution for the most serious offences – and better training to prevent future breaches from occurring.

“Despite local councils being trusted with increasing amounts of our personal data, this report highlights that they are simply not able to say it is safe with them,” said Emma Carr, director of Big Brother Watch. “A number of examples show shockingly lax attitudes to protecting confidential information. For so many children and young people to have had their personal information compromised is deeply disturbing.”

Worrying trend

Freedom of Information requests show that during a three year period, local councils reported 401 instances of data loss or theft, 628 instances of incorrect or inappropriate data being shared on letters, emails and faxes and 197 mobile phones, PCs, tablets and USB sticks being lost or stolen – an astonishing 75 percent of which occurred in Glasgow.

The report also reveals that 5,293 letters were sent to the wrong address or contained personal information not intended for the recipient. This figure is larger than the overall number of breaches because many councils report a breach involving several people as a single instance.

More worryingly is that information about children occurred in 658 of the breaches, most notably during a breach at Lewisham Council where a social worker left papers on a train including sensitive information about ten children. Details included names, addresses, dates of birth and information related to registered sex offenders, police reports and child protection reports.

Tougher punishments

Another instance at Aberdeenshire City Council saw the theft of an unencrypted laptop containing the details of 200 schoolchildren, although this was recovered.

One in ten breaches resulted in disciplinary action, which resulted in 39 resignations, 50 dismissals and one court case, but Big Brother Watch recommends that custodial sentences should be introduced for the most serious of offences and those who commit them should be given criminal records.

It also calls for mandatory data protection training and reporting of breaches that contain information about a member of the public as well as standardised reporting systems and procedures.

“With only a tiny fraction of staff being disciplined or dismissed, this raises the question of how seriously local councils take protecting the privacy of the public,” continued Carr. “Far more could be done to prevent and deter data breaches from occurring. Better training, reporting procedures and harsher penalties available for the most serious of data breaches, including criminal records and custodial sentences are all required.  Until we see these policies implemented, the public will simply not be able to trust local councils with their data.”

TechWeekEurope has contacted the Information Commissioner’s Office (ICO), the body tasked with investigating and punishing such breaches, but had not received a response at the time of publication.

What do you know about ICO and its counterparts? Take our quiz!

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

View Comments

  • Did your investigation discover the percentage of loss caused by the private sector outsourcing of council services? This is all a symptom of the pressures local govt are facing with dramatically reduced budgets. Granted, leaving documents on a train is inexcusable, but a sign that HR are not driving the human element - data protection is far too often perceived as an IT issue, when the largest failures are actually in HR, lax vetting etc.

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago