Doncaster Council pays out £15K in data breach claims amid ‘worrying’ rise in the UK

An investigation by DataBreachClaims.org.uk has revealed a stark increase both in terms of human error and cyber-attacks across UK councils.

Data Breach expert at DBC, Eleanor Coleman says: “This rise in UK local government data breaches is worrying and we hope that organisations are ensuring that they have sufficient security in place to protect people’s personal information.”

Councils are expected to collect, store, use, share and dispose of personal information or data about individuals, in line with the General Data Protection Regulation (GDPR) and the Data Protection Act (DPA).

According to the ICO (Information Commissioner’s Office), cyber attacks on local authority systems have increased by a staggering 24% between 2022 and 2023.

Personal data breaches reported by Local Governments, it confirms, have skyrocketed by 58 per cent in the same time period.

Security breaches have the potential to put thousands of people’s personal details at risk, potentially harming victims psychologically as well as financially.

Data has been obtained through a series of Freedom of Information Requests to every UK council. Of the 36 Metropolitan District Councils contacted, 75 per cent responded within the deadline.

The Local Authority to pay the most in data breach claims was Coventry Council which reported a pay-out of £92K. The second highest Metropolitan Council figures were from North Tyneside Council which paid £65K.

In the last three years, Doncaster Council confirmed a total of 282 data breach incidents with figures increasing year on year.

Between 2021/22, the council recorded 94 incidents, as well as 74 the following year.

So far, between 2023-March 2024, some 114 data breach incidents have been logged already.

It must be said that the majority of these are likely to be for relatively minor issues such as, emails being sent to the wrong recipient or incorrect disposal of paperwork.

Personal data breaches are defined as “any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data”.

DataBreachClaims.org.uk also asked the council how many cyber attacks it has had within the same time period.

Doncaster Council neither confirmed nor denied whether it holds the information on the grounds that it could potentially jeopardise future detection or prevention of crime.

The Local Authority did however, confirm it has paid out a total of £15,000 in compensation for data breach claims since 2021.

Between 2021/22, it paid out £11,000. This is followed by a further £4,500 in 2022/23.

Victims of a breach may be able to claim compensation providing a certain set of criteria is met.

Scott Fawcus, Service Director of Legal and Democratic Services at City of Doncaster Council, said: “We take our duties to protect people’s personal data extremely seriously. Our staff undertake mandatory data protection training and we have very robust policies and procedures in place in accordance with General Data Protection Regulations (GDPR) and the Data Protection Act 2018.

“We treat any breaches seriously and each is regrettable, however when you consider the thousands of interactions the council makes each day, these claims relate to a relatively small number of incidences.”