Doncaster council reports over 100 data breaches

editorial image

Sensitive personal information has been lost or stolen over 100 times at Doncaster council since 2011, new research has revealed.

Between April 2011 and April 2014, Doncaster council recorded a total of 106 data breaches, seven of which were deemed ‘serious enough’ to report to the Information Commissioner’s Office.

Julie Grant, Assistant Director of Customer Services and ICT said of the data breahces: “Doncaster Council takes its obligations under the Data Protection Act extremely seriously and records every single incident no matter how minor to ensure personal data is as secure as possible at all times.”

She continued: “The Council deals with hundreds of services and the amount of 106 breaches is over 3 years with only 7 breaches serious enough to report to the Information Commissioner’s Office, that said we appreciate this is still too many and we are constantly trying to reduce.

“Actions include continuous repeated training and awareness for all staff that have access to personal data and a thorough reporting, investigation and disciplinary mechanism as required, should any breaches arise”.

The study was carried out by privacy campaign group, Big Brother Watch who are now calling for custodial sentences to be introduced for the most serious data breaches after finding just one in 10 resulted in disciplinary action and only one led to a prosecution.

Director Emma Carr said: “Despite local councils being trusted with increasing amounts of our personal data, this report highlights that they are simply not able to say it is safe with them.

“A number of examples show shockingly lax attitudes to protecting confidential information. For so many children and young people to have had their personal information compromised is deeply disturbing.

“With only a tiny fraction of staff being disciplined or dismissed, this raises the question of how seriously local councils take protecting the privacy of the public.”

Nationally, local authorities recorded a total of 4,236 data breaches in three years from April 2011 - a rate of almost four every day, Big Brother Watch found.

Sensitive or confidential information was compromised in 260 of the cases, while breaches involved personal data linked to children on 658 occasions.

In some cases council staff were found to have accessed material “for personal interest”.

The report, based on responses to freedom of information requests, said data was lost or stolen on 401 occasions, while there were 628 instances of incorrect or inappropriate information being shared on emails, letters and faxes.

More than 5,000 letters were sent to the wrong address or included content meant for another recipient, while there were 99 cases of unauthorised access to or disclosing of data.

Researchers also found that a total of 197 mobile phones, computers, tablets and USBs were lost or stolen.

More than two in three incidents led to no disciplinary action at all, while staff resigned in 39 cases and 50 employees were dismissed.