A new study by privacy campaign group Big Brother Watch has identified an alarming amount of recorded data breaches by local authorities. Over a 3 year period there was 4,236 data breaches, with the authorities with the largest amount of recorded breaches listed below:
1. Brighton and Hove City Council – 190
2. Sandwell Council – 187
3. Telford and Wrekin Council – 175
4. Peterborough City Council – 160
5. Herefordshire Council – 157
6. Glasgow City Council – 128
7. Doncaster Council – 106
8. Essex County Council – 106
9. Lincolnshire County Council – 103
10. Wolverhampton City Council – 100
In addition to the amount of breaches, the attitude towards protecting data shown by local authorities is seen as alarming by Big Brother Watch’s director Emma Carr, stating the findings showed “shockingly lax attitudes to protecting confidential information”.
The study findings are based on feedback to Freedom of Information requests sent to all UK local authorities and includes; data lost over 400 times, 5000 letters sent to wrong address, sensitive or confidential information compromised in 260 cases and breaches involving personal data linked to children on 658 occasions. With regard to the data loss, despite more than 400 instances of loss or theft, including 197 mobile phones, computers, tablets and USBs and 600 cases where information was inappropriately shared, just a single person has faced criminal sanctions and only 50 have been dismissed. Southampton City Council recorded 50 data breaches.
The Information Commissioner’s Office, the Justice Select Committee and the Home Affairs Select Committee have all given their widespread support for imposing tougher penalties for the most serious of data breaches. However, with only a fraction of employees disciplined or dismissed, one questions how seriously councils are taking protecting the privacy of the public? A spokesman for the Local Government Association said: “Councils take data protection extremely seriously and staff are given ongoing training in handling confidential data.” But on the face of the latest findings, this does not, by all accounts seem to the case. Local authorities will need to prove that they can be trusted with digital security and that our personal data is safe with them, addressing both the security measures in place and policies around handling breaches once they have been found.