Tag: council data breaches
Experts have looked in to the differences between councils and local authority services and compared the quality of the cybersecurity and their data protection procedures and protocols. One worrying trend is the fact that there are some huge differences between different councils when it comes to practically all aspects of data security.
This issue means that, in reality, the quality of data protection and cybersecurity can be somewhat of a postcode lottery. There is no single or uniform approach, which is a really worrying aspect.
According to information from a report by privacy advocates Big Brother Watch, despite assurances that local government authorities are taking data protection seriously, more than a quarter of UK councils have had systems breached in the last five years.
The report also found that the majority of the successful breaches were caused by the simple and well-known phishing method, pointing to staff as the “weakest link” in terms of cybersecurity and data defence.
The report also references the fact that three-quarters of councils reportedly do not provide mandatory cyber-security training, with 16% not providing any at all.
Data protection breaches committed by councils / local authorities – or the companies they outsource work to – can be unfortunately common. We advise and represent a large volume of people who have been the victim of a data breach caused by their local council, so we understand how bad they can be.
The serious council data protection breaches can cause a lot of problems for the victims, and given the nature of data that local authorities often hold – these type of breaches can be very sensitive indeed.
It’s not only NHS workers who are breaching data protection rules by accessing medical records when they shouldn’t be. There’s also a worrying trend of data being breached by the rogue actions of employees, and with data being so easily shared nowadays, we remain concerned.
With a huge amount of councils lacking proper mandatory data protection training, you could argue there are potentially thousands of employees out there who don’t know any better. This is not good enough, and these prosecutions should serve as stern warnings to both employers and employees about breaching data protection rights by illegally sharing data.
New information from the Big Brother Watch privacy group suggests that local authorities are still failing to report data protection breaches. In May 2018, the new GDPR legislation will come into force and councils will have to abide by regulations that will make the reporting of many data protection breaches compulsory.
But, aside from the impact the new laws may have, we cannot avoid the underlying issue here. With estimations that UK councils have been hit by almost 100 million cyberattacks in the last five years, the fact of the matter is that sensitive data is vulnerable in their hands.