Council data security 'shockingly lax'

Hands on a computer Image copyright PA

Sensitive personal information has been lost or stolen from councils in thousands of cases, research suggests.

Local authorities recorded 4,236 data breaches during a three-year period from April 2011, a study by privacy campaign group Big Brother Watch said.

Its director Emma Carr said this showed "shockingly lax attitudes to protecting confidential information".

The Local Government Association said breaches were "proportionately rare" given the volume of data handled.

The report is based on responses to Freedom of Information requests sent to all local authorities in the UK.

Its findings include how:

  • Data was lost or stolen on 401 occasions, with 628 instances of incorrect or inappropriate information being shared on emails, letters and faxes.
  • More than 5,000 letters were sent to the wrong address or included content meant for another recipient, while there were 99 cases of unauthorised access to or disclosing of data.
  • Some 197 mobile phones, computers, tablets and USBs were lost or stolen.
  • More than two in three incidents led to no disciplinary action at all, while staff resigned in 39 cases and 50 employees were dismissed.
  • Sensitive or confidential information was compromised in 260 of the cases, while breaches involved personal data linked to children on 658 occasions.

Specific cases detailed included a social worker at Lewisham City Council leaving a bundle of papers on a train, which contained personal or sensitive data relating to 10 children.

Also, a CCTV operator at Cheshire East Council used cameras to watch part of the wedding of a fellow member of their team, while an employee at Thanet in Kent was dismissed after accessing benefit claim records "inappropriately".

'Deeply disturbing'

Big Brother Watch is calling for custodial sentences for the most serious data breaches.

Ms Carr said: "Despite local councils being trusted with increasing amounts of our personal data, this report highlights that they are simply not able to say it is safe with them.

"A number of examples show shockingly lax attitudes to protecting confidential information. For so many children and young people to have had their personal information compromised is deeply disturbing.

"With only a tiny fraction of staff being disciplined or dismissed, this raises the question of how seriously local councils take protecting the privacy of the public."

Local authorities with the highest number of data breaches from April 2011 to April 2014

  1. Brighton and Hove City Council - 190
  2. Sandwell Council - 187
  3. Telford and Wrekin Council - 175
  4. Peterborough City Council - 160
  5. Herefordshire Council - 157
  6. Glasgow City Council - 128
  7. Doncaster Council - 106
  8. Essex County Council - 106
  9. Lincolnshire County Council - 103
  10. Wolverhampton City Council - 100

Source: Big Brother Watch

Big Brother Watch said 167 town halls reported no data breaches at all over the period under scrutiny.

A spokesman for the Local Government Association said: "Councils take data protection extremely seriously and staff are given ongoing training in handling confidential data.

"When [breaches] do occur, robust investigations and reviews are immediately undertaken to ensure processes are tightened."

More on this story