FIVE more councils say soz for exposing people's privates
'Disclosing details about someone's social housing status can be upsetting'
What you need to know about cloud backup
The Information Commissioner's Office has found that five local authorities have breached the Data Protection Act by failing to protect personal information about citizens.
Basingstoke and Deane Borough Council breached the Data Protection Act four times over two months in 2011. In one incident, which occurred in May, an individual was mistakenly sent information relating to 29 people who were living in supported housing.
The council has since signed an undertaking committing it improving its handling of private information.
In July last year, a member of staff at Brighton and Hove council emailed personal details about another council employee to 2,821 council workers. The ICO said that in the previous year a "third party" had informed it about the theft of an unencrypted laptop belonging to the council from the home of a temporary employee.
Brighton and Hove has now given a commitment to ensure that the personal information they process is secure, including making sure that all portable devices used to store personal data are encrypted.
According to the ICO, similar undertakings have also been signed by Dacorum Borough Council, Bolton Council and Craven District Council. It has also issued an enforcement notice to Staffordshire County Council over its mishandling of a subject access request.
Information Commissioner Christopher Graham said: "At a time when councils are increasingly working with community partners, when data is shared it is vital that they uphold their legal responsibilities under the Data Protection Act. Failures not only put local residents' privacy at risk, but also mean that councils could be in line for a sizeable monetary penalty.
"We must also consider the detrimental impact these breaches continue to have on the individuals affected. Disclosing details about someone's social housing status can be upsetting and damaging for those affected. To help tackle this issue I've submitted a business case to the government to ask for them to extend my compulsory audit powers."
This article was originally published at Guardian Government Computing.
Guardian Government Computing is a business division of Guardian Professional, and covers the latest news and analysis of public sector technology. For updates on public sector IT, join the Government Computing Network here.
COMMENTS
A signed undertaking ...
... to obey the law that they are supposed to work under, then it's a fine next time.
Why is it that I got fined for my first speeding offense instead of having to sign an undertaking not to do it again?
Industry Wide?
I currently work for an ex-council housing authority and security doesn't seem to be the greatest here, considiring the amount of sensitive tenant data we hold. I'd suggest the problem is far greater than those few councils.
Anon, obviously ;)
Until the higher ups responsible lose their jobs, nothing will happen. The higher ups earn the big bucks; let them shoulder big responsibilities, even if they themselves didn't make the key mistake.
@ Dave the Cat:
Just say to your students "Now pay attention because if you don't, you WILL lost your job when you mess this up." Make sure all employees have been put on notice that certain types of email mistakes WILL result in immediate firing.
IT infrastructure monitoring strategies
Agentless Backup is Not a Myth
Steps to Take Before Choosing a Business Continuity Partner
Enabling efficient data center monitoring
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider
