Feeds

Councils 'fessed up to just 55 of 1,035 data loss shockers

Watchdog kept in the dark by town halls, wants new powers

Website security in corporate America

The scale of data-handling gaffes at local authorities has been revealed by a new report that uncovered 1,035 incidents where confidential information about British citizens was lost.

Privacy campaign group Big Brother Watch (BBW) submitted 433 Freedom of Information Act requests to councils across the UK that covered a three-year period from August 2008 to August 2011.

The FOIs asked the authorities to report the number of cases where sensitive information had been lost by council staff, as well as explain the nature of the data loss. BBW also requested details about how many employees had been subsequently disciplined, sacked or prosecuted for such data breaches - and it asked what response each council had given to individual incidents.

In total, the campaigners received 395 replies from local authorities.

"We have uncovered more than 1,000 incidents across 132 local authorities, including at least 35 councils who have lost information about children and those in care," said BBW in a statement accompanying its report (PDF).

"Highly confidential information has been treated without the proper care and respect it deserves. At least 244 laptops and portable computers were lost, while a minimum of 98 memory sticks and more than 93 mobile devices went missing."

Despite that, BBW found that local authorities only reported a paltry 55 incidents to the Information Commissioner's Office, which handles data loss complaints.

The group added that only nine incidents – where data was mishandled by council staff – resulted in the individuals concerned being sacked.

“I welcome this research by Big Brother Watch," local government minister Grant Shapps told the data protection advocates.

"This reinforces the need for steps to protect the privacy of law-abiding local residents. Civil liberties are under threat from the abuse of town hall surveillance powers, municipal nosy parkers rummaging through household bins and town hall officials losing sensitive personal data on children in care.”

Here's a snapshot of some of the data losses uncovered by BBW, where the incidents weren't subsequently reported to the ICO:

  • In Bolton a smartphone "slid off a car bonnet" and was said to be "irretrievable without dismantling the car park". The authority said the phone contained internal contact details of Bolton council workers. It said the "phone was sent a remote wipe command within one hour and the owner of the car park subsequently sealed the cavity with concrete."
  • Schoolchildren's ID cards in Fife were delivered by post to the wrong addresses, the Scottish authority admitted. It said personal data that may have been leaked included pupils' names, photos, and possibly their dates of birth, as well as information about entitlement to free school meals. However, no action was taken, other than staff visual checks on all cards swiped by pupils at the school.
  • In Kent, scanned case notes relating to children were found on Facebook. They contained data that would identify individuals, the council admitted. The authority contacted the police and the director of children's social service was also informed about the incident.

The Register asked the ICO to respond to BBW's findings. It said:

It's vital that local authorities properly live up to their legal responsibility to keep personal data secure, particularly where it is sensitive information about children and young people.

Four out of the six monetary penalties that we've issued so far have involved data losses at councils.

Our concern isn't just that councils have the right policies and procedures in place; it's about bringing about a culture among staff whereby everyone takes their responsibilities seriously and effective data handling becomes second nature.

We're calling for powers to conduct compulsory audits in the local government sector and will this week submit a formal business case to the Ministry of Justice asking the government to give us such powers.

The watchdog pointed us at its own list of local authority data cock-ups where "enforcement action" was taken over the past two years. ®

Internet Security Threat Report 2014

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
JINGS! Microsoft Bing called Scots indyref RIGHT!
Redmond sporran metrics get one in the ten ring
Driving with an Apple Watch could land you with a £100 FINE
Bad news for tech-addicted fanbois behind the wheel
Murdoch to Europe: Inflict MORE PAIN on Google, please
'Platform for piracy' must be punished, or it'll kill us in FIVE YEARS
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
Sony says year's losses will be FOUR TIMES DEEPER than thought
Losses of more than $2 BILLION loom over troubled Japanese corp
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.