Councils breached personal data 1,035 times over three years

In a new report, Big Brother Watch (BBW) has revealed more than 1,000 incidents across 132 local authorities, including at least 35 councils which have lost information about children and those in care.

Highly confidential information has been treated without the proper care and respect it deserves. At least 244 laptops and portable computers were lost, while a minimum of 98 memory sticks and more than 93 mobile devices went missing. Yet of the 1,035 incidents, local authorities said that just 55 were reported to the Information Commissioner’s Office. Perhaps more concerning, says BBW, just nine incidents resulted in someone being fired for incompetence.

Nick Pickles, director of BBW, said the research highlights a shockingly lax attitude to protecting confidential information across nearly a third of councils. “The fact that only a tiny fraction of staff have been dismissed brings into question how seriously managers take protecting privacy of their service users and local residents,” said Pickles. “For more than 3,000 children and young people to have their personal information compromised is deeply disturbing, as in most cases parents will not be aware of the incidents.

“However, equally concerning is that 263 local authorities claim to have not lost a single mobile phone or memory stick, which seems surprising given the scale of loss in other authorities and the private sector. As just 55 of these incidents were reported to the Information Commissioner’s Office, there is a clear need for the ICO to have the power to audit organizations without needing their consent to ensure that the ICO is fully aware of data protection breaches,” he said.

Cases included an unencrypted memory stick containing highly confidential childcare data being lost on a Durham street; a Kensington and Chelsea council employee losing documents in a pub, including name, address, date of birth, health reports, income reports and photographs of service users; and scanned case notes belonging to Kent Council being found on Facebook. The report comes a month after BBW’s disclosure of more than 800 incidents in the NHS of confidential patient records being compromised, including details of patients being posted on social networking sites, and how medical staff looked at the records of friends and colleagues.

Responding to the report, Grant Shapps, local government minister, said: “Civil liberties are under threat from the abuse of town hall surveillance powers, municipal nosy parkers rummaging through household bins and town hall officials losing sensitive personal data on children in care.”

Mike Smart, product and solutions director EMEA at SafeNet, said that many of these cases of personal data lost or stolen are linked by no or patchy application of encryption. “There is no excuse for not using encryption to protect data because the technology is proven, affordable and non-intrusive so it doesn’t get in the way of delivering services to local residents. Indeed it can help authorities extend e-government into more areas with the assurance that data is always protected anywhere it is accessed,” he said.

David Fowler, senior VP products and marketing at Courion, said the figures were striking and show how local authorities can be blindsided by IT security shortcomings regardless of their investment in safeguards. “They need to get a grip on the problem by finding ways to prioritize risks more exactly in order to help them zero in on where breaches are most likely to happen,” he said. “Many of the security breaches have resulted from inappropriate use of sensitive data and lack of effective user access policies. One of the most worrying things about these cases is the poor access risk management practices within local authorities.”
