A recent meeting of local councillors has reportedly highlighted data security problems that could put the Lichfield District Council in breach of the General Data Protection Regulation (GDPR).
The issue surrounds the reported continued use of unencrypted laptops and was raised by Cllr Joanne Grange, who is understood to have expressed concerns that the problems had still not been addressed three years after they were identified in 2017.
It is understood that Cllr Grange suggested that the failure to update working practices in accordance with data protection regulations could be tantamount to “negligence”. Her statements have undoubtedly highlighted some key problems which the council should feel obliged to address as a matter of urgency.
Remote working and insecure devices at the Lichfield District Council
The meeting is understood to have brought the issue of laptop computers to the fore, identifying that not all of them were encrypted. The use of removable storage devices (such as memory sticks) was identified as another vulnerability.
It is understood that, at the Lichfield District Council, there are no internal rules against copying data onto these potentially untrusted devices.
While Cllr Grange acknowledged that remote working had become a new challenge last year as a result of the coronavirus pandemic, and the ensuing national lockdowns, she reiterated the fact that laptops have been used in this manner for three years. As such, the problems cannot be explained away by current circumstances, and in fact, stems from a long-term culture of what appears to be irresponsible data handling.
Potential consequences of security issues
With the unencrypted computers used at the Lichfield District Council, the personal data of residents and employees may have very little in the way of an effective defence against cyberattacks.
Following an attack such as this, any stolen data could prove incredibly useful to fraudsters. The information held by councils includes National Insurance numbers and bank account details, both of which could facilitate theft.
While the Lichfield District Council currently asserts that no residents’ information has been stored on unencrypted devices, and has vowed to replace these devices in January 2021, this may not sufficiently mitigate the threat which has already been posed by the insecure laptops.
Stating that she would “struggle to sleep at night” if residents’ data was stolen due to their negligence, Cllr Grange also seemed to echo the stresses and anxieties which victims of data breaches often face. The psychological impact of data breaches can be profound, inducing long-term mental health problems or even clinically diagnosed mental health conditions.
As such, with the potential for serious material and emotional consequences, cybersecurity weaknesses should not be taken lightly.
Council data breaches
Unfortunately, the situation at the Lichfield District Council is not an isolated issue, and data breach incidents at other local government bodies are matters that we regularly deal with. In a recent example, at Bristol City Council, a mass email reportedly exposed the names of children with disabilities and special educational needs, as well as the email addresses of their primary carers.
At the Data Leak Lawyers, we believe such incidents result from a wider, systemic problem of ignorance regarding the importance of data protection in many cases. As such ,we believe it is our duty to hold businesses and organisations to account for their negligence.
Following the Bristol City Council data breach, we encouraged any affected victims to come forward to claim compensation.
If you believe have been affected by a council data breach, do not hesitate to contact us. You could be eligible to claim compensation for any resulting losses and expenses, and for any distress caused by the loss or exposure of your personal data. We have already taken a number of cases forward, and we may be able to help you too.
IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.
Request a call back from our team
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.
First published by Matthew on January 20, 2021
Posted in the following categories: Claims Council Data GDPR Government Latest Security Technology and tagged with compensation | council | council data breaches | cybersecurity | data breach | data controllers | data leak | database security | gdpr | government | personal data