Feeds

Councils 'fessed up to just 55 of 1,035 data loss shockers

Watchdog kept in the dark by town halls, wants new powers

Maximizing your infrastructure through virtualization

The scale of data-handling gaffes at local authorities has been revealed by a new report that uncovered 1,035 incidents where confidential information about British citizens was lost.

Privacy campaign group Big Brother Watch (BBW) submitted 433 Freedom of Information Act requests to councils across the UK that covered a three-year period from August 2008 to August 2011.

The FOIs asked the authorities to report the number of cases where sensitive information had been lost by council staff, as well as explain the nature of the data loss. BBW also requested details about how many employees had been subsequently disciplined, sacked or prosecuted for such data breaches - and it asked what response each council had given to individual incidents.

In total, the campaigners received 395 replies from local authorities.

"We have uncovered more than 1,000 incidents across 132 local authorities, including at least 35 councils who have lost information about children and those in care," said BBW in a statement accompanying its report (PDF).

"Highly confidential information has been treated without the proper care and respect it deserves. At least 244 laptops and portable computers were lost, while a minimum of 98 memory sticks and more than 93 mobile devices went missing."

Despite that, BBW found that local authorities only reported a paltry 55 incidents to the Information Commissioner's Office, which handles data loss complaints.

The group added that only nine incidents – where data was mishandled by council staff – resulted in the individuals concerned being sacked.

“I welcome this research by Big Brother Watch," local government minister Grant Shapps told the data protection advocates.

"This reinforces the need for steps to protect the privacy of law-abiding local residents. Civil liberties are under threat from the abuse of town hall surveillance powers, municipal nosy parkers rummaging through household bins and town hall officials losing sensitive personal data on children in care.”

Here's a snapshot of some of the data losses uncovered by BBW, where the incidents weren't subsequently reported to the ICO:

  • In Bolton a smartphone "slid off a car bonnet" and was said to be "irretrievable without dismantling the car park". The authority said the phone contained internal contact details of Bolton council workers. It said the "phone was sent a remote wipe command within one hour and the owner of the car park subsequently sealed the cavity with concrete."
  • Schoolchildren's ID cards in Fife were delivered by post to the wrong addresses, the Scottish authority admitted. It said personal data that may have been leaked included pupils' names, photos, and possibly their dates of birth, as well as information about entitlement to free school meals. However, no action was taken, other than staff visual checks on all cards swiped by pupils at the school.
  • In Kent, scanned case notes relating to children were found on Facebook. They contained data that would identify individuals, the council admitted. The authority contacted the police and the director of children's social service was also informed about the incident.

The Register asked the ICO to respond to BBW's findings. It said:

It's vital that local authorities properly live up to their legal responsibility to keep personal data secure, particularly where it is sensitive information about children and young people.

Four out of the six monetary penalties that we've issued so far have involved data losses at councils.

Our concern isn't just that councils have the right policies and procedures in place; it's about bringing about a culture among staff whereby everyone takes their responsibilities seriously and effective data handling becomes second nature.

We're calling for powers to conduct compulsory audits in the local government sector and will this week submit a formal business case to the Ministry of Justice asking the government to give us such powers.

The watchdog pointed us at its own list of local authority data cock-ups where "enforcement action" was taken over the past two years. ®

Top three mobile application threats

More from The Register

next story
Arrr: Freetard-bothering Digital Economy Act tied up, thrown in the hold
Ministry of Fun confirms: Yes, we're busy doing nothing
Help yourself to anyone's photos FOR FREE, suggests UK.gov
Copyright law reforms will keep m'learned friends busy
Apple smacked with privacy sueball over Location Services
Class action launched on behalf of 100 million iPhone owners
US judge: YES, cops or feds so can slurp an ENTIRE Gmail account
Crooks don't have folders labelled 'drug records', opines NY beak
ONE EMAIL costs mining company $300 MEEELION
Environmental activist walks free after hoax sent share price over a cliff
UK government officially adopts Open Document Format
Microsoft insurgency fails, earns snarky remark from UK digital services head
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.