Reading:
Broxtowe Borough Council’s Data Breach
Share:
data protection

Data Leak Lawyers - Begin Your Data Breach Claim Today!

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

Broxtowe Borough Council’s Data Breach

Nottinghamshire Police is investigating a data breach after reports that confidential information was accidentally sent via email to all 730 employees at Broxtowe Borough Council (BCC). The contents of the email made allegations against someone’’ conduct at BCC, which is easily arguable as a private and personal matter,

This could constitute as a serious breach of the Data Protection Act.

Nature of the breach

The data breach allegedly consisted of an email dated last December which was sent to all employees at the Council with allegations of misconduct made by a senior manager. The email was marked as “confidential” and sent from the senior manager. By sending a mass email containing confidential information, there is no doubt that a data breach occurred.

Nottinghamshire Police were notified about the breach in September, calling for an “independent investigation”. However, the Police indicate that whoever sent it may be afforded protection under whistle-blowing legislation. Whilst whistle-blowing is important for various reasons, including raising the issues of malpractice in the workplace that will affect public interest, it’s also just as important to keep private data secure. It can be a hard balance to strike, but the risk of personal information being in the hands of someone with unauthorised access can be a huge risk.

BCC’s promise

On their website, The BCC states that privacy is of paramount importance to them. As required by the law, they undertake that they will treat personal information which includes, but isn’t limited to, names, addresses and email addresses, secure in accordance with the Data Protection Act. The individual who sent the mass email has arguably failed to take into consideration the data protection principles.

ICO’s actions

The council’s breach was reported to the ICO. However, following investigations, they’ve stated that no further action will be taken.

Usually, when there is a data protection breach, the Information Commissioner’s Office, who is responsible for enforcing the DPA, will investigate to see whether the business or organisation failed to adhere to the DPA. If they find a breach occurred, they can impose a financial penalty.

The ICO are most well-known for their monetary penalties, however they are also equipped to make enforcement actions as well.

This was seen in a case in 2014 when the Wolverhampton City Council (WCC) was hit with a data breach training order. The order required WCC to train all its employees following the lack of urgency over keeping personal information secure. This required all employees to undertake the data protection training within 50 days of the order, or the issue will be treated as a contempt of court.

Importance of staff training

Maybe this is something that the BCC needs. The importance of staff training is highlighted, as they’re the ones who come into contact the most with the personal data. If employees remain untrained in data protection, it could have devastating consequences, with more and more personal information being lost/stolen.

Many councils and governmental bodies should take data protection seriously, as mishandled information isn’t just a financial burden, but it’s costly for their reputation. They must take steps to secure the data with all means possible, including training their employees to an acceptable standard. This will help them stay out of the ICO’s firing line.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy
SRA
Contact
www.dataleaklawyers.co.uk is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon