Although we appreciate the hard work of those who work in our councils and local government bodies, data breaches in the public sector remain a big problem. In order to do their jobs, these establishments often need access to a lot of our personal data such as contact details, medical records, criminal records, etc.
We trust them with this information because, after all, they’re a part of the public establishment who are supposed to be there to look after our best interests. But there have been a large number of data breach cases that have left many worried about our data in their hands.
Local government breaches
In accordance with the Data Protection Act, all local authorities have a legal duty to take:
“…appropriate, technical and organisational measures against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.”
The issue is that local authorities and councils have been subject to a large number of data breaches in the past, and a lot have happened because of avoidable errors.
For instance, a London Council were fined by the ICO after a social worker left court files on top of her car and drove off. Mistakes happen when people are tired or unfocused, but for such important files, people need to take extra precautions to ensure mistakes can’t be so easily made.
In another example, lax rules and security led to one Aberdeen Council worker accidentally transferring and uploading personal information onto the internet when using her personal PC to work from home.
Now, you’d think they’d have security rules in place for government workers working from home, and if they do then employees are simply choosing to ignore them because breaches are happening! A lot of it, we suspect, is probably down to a lack of training for staff.
Thousands of data breaches occurring
A previous BBC report slammed local authorities for a staggering 4,236 data breaches between 2011 and 2014. In that short three-year period, thousands of cases of sensitive information being leaked were reported, with many of them involving children.
Brighton and Hove City Council topped the leader board of the report with 190 data leaks, and most of the cases were down to pure carelessness; thousands of emails being sent to the wrong email address, for instance.
At a click of a button, unlimited amounts of psychological harm and distress can be caused.
Role of the ICO as the enforcers
The Information Commissioner’s Office (ICO) can investigate substantial breaches, and if they find one, they can issue penalties to the organisation of up to £500,000.
BreachWatch reported that between November 2010 and November 2013, a staggering £2,000,000 in penalty fines were given out to just local councils for data breaches.
The statistics are truly baffling…
It really makes people wonder about the effectiveness of the training and procedures in place. Employees need to take proper care and ownership of data, and understand that it’s real people who are affected when things go wrong.
IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.
Request a call back from our team
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.