It’s not only NHS workers who are breaching data protection rules by accessing medical records when they shouldn’t be. There’s also a worrying trend of data being breached by the rogue actions of employees, and with data being so easily shared nowadays, we remain concerned.
With a huge amount of councils lacking proper mandatory data protection training, you could argue there are potentially thousands of employees out there who don’t know any better. This is not good enough, and these prosecutions should serve as stern warnings to both employers and employees about breaching data protection rights by illegally sharing data.
In this case, council employee Samira Bouzkraoui took a screenshot of a spreadsheet that contained the data of children and their eligibility for free school meals. According to the ICO, she sent the image to an estranged parent of a pupil via social-media platform Snapchat.
The former local authority education worker, who at the time of the data breach worked for Southwark Council, has admitted to data protection breaches and has since been landed with fines and court costs.
A lack of education at councils?
According to a recent report, more than three-quarters of councils in the UK do not have adequate mandatory training for cybersecurity issues.
It’s fair to assume there’s a real lack of understanding and knowledge about data protection obligations for employees.
What may seem obvious to us as lawyers, or those with a proper understanding of the law, may not be obvious to others.
Will we continue to see more council data protection breaches?
Something needs to change. The forthcoming GDPR law changes may be the catalyst that councils need for changing their ways when fines can be in the millions.
Irrespective of the new legislation coming into force in May this year, a breach of this nature is a clear reminder that there is too little knowledge among employees to understand the severity of a data protection breach, and how to properly deal with the data they’re in charge of.
We deal with a lot of council data protection breach compensation claims, so we can tell you that this is a problem that needs to be solved. A lot of the time they do come down to employees illegally sharing data without the proper understanding that what they’re doing is an actual breach of data protection laws.
IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.
Request a call back from our team
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.