recent work

BBC reports on a ‘shockingly lax attitude’ to protection of confidential information by some councils.

The BBC has reported that since 2008, UK local councils have lost private data more than 1,000 times. Data losses have included that of vulnerable people and children; over 130 authorities have been involved in these data losses. The report Nick Pickles, of Big Brother Watch has said:

“[This research] highlights a shockingly lax attitude to protecting confidential information across nearly a third of councils.

“The fact that only a tiny fraction of staff have been dismissed brings into question how seriously managers take protecting the privacy of their service users and local residents.

“Despite having access to increasing amounts of data and being responsible for even more services, local authorities are simply not able to say our personal information is safe with them.”

We have highlighted several times over the past year of councils that have lost or had data stolen; of all the reported cases, the information of ‘at least 3,100 children and young people was compromised in 118 cases’.

In summary, the research found that:

  • At least 244 laptops and portable computers, 98 memory sticks and 93 mobile devices went missing.
  • Only 55 incidents were reported to the Information Commissioner’s Office (ICO)
  • Only nine people lost their jobs as a result, according to the councils which responded (263 councils reported no losses, while a further 38 did not respond).
  • Buckinghamshire and Kent reported the most data loss incidents with 72 cases each, followed by Essex with 62 and Northamptonshire with 48.
  • In Birmingham, one lost USB stick included the names, addresses, contact details, tenancy type and ethnic origin of 64,000 tenants. In that case, the member of staff was suspended and later resigned.

Although the ICO has the power to fine organisations up to £500,000 for data breaches, it does not yet have the power to carry out compulsory audits in the local government sector. In light of this research, the ICO has called for new powers in order to be able to do so.

An ICO spokesman said: “It’s vital that local authorities properly live up to their legal responsibility to keep personal data secure, particularly where it is sensitive information about children and young people.

“Our concern isn’t just that councils have the right policies and procedures in place; it’s about bringing about a culture among staff whereby everyone takes their responsibilities seriously and effective data handling becomes second nature.

“We’re calling for powers to conduct compulsory audits in the local government sector and will this week submit a formal business case to the Ministry of Justice”.