DATA breaches at Dorset councils have seen staff accessing personal information for their own use and records which contained limited third party information being sent to the public.
A report by the group Big Brother Watch has revealed data breaches that have taken place at councils across the UK.
Between 2011 until 2014, there were five data breaches at Dorset County Council with a further one committed at Weymouth and Portland Borough Council.
The five breaches at Dorset County Council included a laptop being stolen during an office burglary, a copy of a record sent which contained limited third party information being sent to a member of the public and an email sent to multiple people without using the “BCC” facility.
The other two incidents saw an email and a letter sent to the wrong address.
At Weymouth and Portland Borough Council, personal information was accessed for personal interest, with the person responsible was disciplined internally.
Cllr Francis Drake, community safety spokesman at WPBC, said: “In 2014, Weymouth & Portland Borough Council became aware of a security breach and formally notified the Information Commissioner’s Office of the incident.
“The council took this matter very seriously and conducted a full internal investigation.
“However, no individuals suffered any detriment and no complaints were received, and the Information Commissioner concluded that there was insufficient evidence to pursue the matter further.
“Furthermore, no other action was required as appropriate technical and organisational measures had already been taken to ensure against any similar breach of security in the future.”
Dorset County Council has provided more detailed of each of the incidents.
It said that the stolen laptop was encrypted to a standard that is considered to present no risk and that the laptop could not be accessed.
The employee that sent a copy of a record to a member of the public that contained limited third party information attended data protection training.
The council said that the email sent not using the BCC facility did not contain personal or sensitive information and that the employee was briefed on email policy and procedures and also attended a data protection session.
The members of the team involved in sending the letter to the wrong address were also rebriefed on data protection and training was given where necessary.
The email being sent to the wrong person was dealt with as part of the management appraisal process which would be on the employee’s record and would be taken in to account if there was a further data breach.
Big Brother Watch has called for the introduction of custodial sentences for serious data breaches, individuals to be given criminal records, training and reporting of any breach to be mandatory and standardised reporting systems and approaches to handling any breach.
DORSET County Council said that data protection training is mandatory for all new employees and we have a programme to ensure all existing employees receive the training and that there is also an online eLearning data protection module for refresher training.
Any employee at DCC involved in a data breach is required to attend the next available training. There is also a suite of data protection guidance notes on the council’s intranet with a rolling programme of data protection updates and awareness raising also in place.
Emma Carr, director of privacy campaign group Big Brother Watch, said: “Despite local councils being trusted with increasing amounts of our personal data, this report highlights that they are simply not able to say it is safe with them. A number of examples show shockingly lax attitudes to protecting confidential information. For so many children and young people to have had their personal information compromised is deeply disturbing. With only a tiny fraction of staff being disciplined or dismissed, this raises the question of how seriously local councils take protecting the privacy of the public.
Far more could be done to prevent and deter data breaches from occurring. Better training, reporting procedures and harsher penalties available for the most serious of data breaches, including criminal records and custodial sentences are all required.
Until we see these policies implemented, the public will simply not be able to trust local councils with their data."
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules hereLast Updated:
Report this comment Cancel