Five councils caught breaching data protection law
By Tom Brewster,
Five local authorities have been found in breach of the Data Protection Act (DPA), leaving the Information Commissioner’s Office (ICO) pleading for them do improve their security practices.
Basingstoke and Deane Borough Council managed to make four separate blunders in just two months in 2011, one of which saw data relating to 29 people living in supported housing sent to the wrong recipient.
At Brighton and Hove Council, an employee emailed the details of another member of staff’s personnel data to 2,821 council workers.
Dacorum Borough Council, Bolton Council and Craven District Council were also caught out.
Failures not only put local residents’ privacy at risk, but also mean that councils could be in line for a sizeable monetary penalty.
All have signed undertakings promising to shore up their data handling.
“At a time when councils are increasingly working with community partners, when data is shared it is vital that they uphold their legal responsibilities under the Data Protection Act. Failures not only put local residents’ privacy at risk, but also mean that councils could be in line for a sizeable monetary penalty,” said information commissioner Christopher Graham.
“We must also consider the detrimental impact these breaches continue to have on the individuals affected. Disclosing details about someone’s social housing status can be upsetting and damaging for those affected.”
Graham is currently looking to the Government to give it greater audit powers.
The ICO’s announcement came just two weeks after Midlothian Council was handed a record fine of £140,000 after sensitive data relating to children and their carers was sent to the wrong recipient.
The ICO may get greater fining powers too if the UK adopts the European Commission's data protection regulation proposals.
You may also like...
Sponsored Links
advertisement
You may also like...
Latest Security Analysis & Insight
What is your password worth?
Would you be tempted to sell off company passwords for a fee? If not, seems like you're in the minority, acccording to research.
- Macs under attack?
- Intel: security inside
- Are you spending too much on IT security?
- Does the government want to snoop on your data?
- Eurocrats versus the cyber criminals
- The truth about spam
- Google and privacy: What’s the problem?
- Q&A: Symantec’s CISO on the source code hack
- RSA: Back from the breach?
Latest Security Reviews
Check Point 2210 Appliance review
Rating: 
advertisement
Most popular
- Yahoo CEO resigns after CV debacle
- Apple iPad 3 vs iPad 2 head-to-head review
- Macs under attack?
- HP to bring indestructible plastic displays and Memristor storage to market
- Fusion-IO share price soars on back of Dell merger rumours
- Android users warned of fake app store malware risk
- Dell PowerEdge R820 review
- Is BT the key to broadband Britain?
- What is your password worth?
- Police quiz UK teen over TeamPoison attacks
Latest News Videos in Security
IT PRO Podcast: Are UK data protection laws flawed?
PlayWe bring in two experts to talk about the problems with UK data protection law and the way it is managed.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
RE:
It is surprising to hear that councils continue to suffer from data breaches with the protection of sensitive data so high on the National and European political agenda.. If the ICO’s power to issue fines of up to £500,000 wasn’t enough of a deterrent before, companies could face penalties of up to 2% of their revenues, following proposed reforms to EU Data Protection law and 24 hour mandatory breach notifications. These reports of negligent data handling are the latest in a number of public sector cases and highlight the absolute need for councils to be educated on their legal responsibilities regarding data security.
With organisations in both the private and public sector becoming increasingly more responsible and accountable for personal data, councils need to reprioritise the issue of data security by ensuring that data breach prevention is high on their agenda. Educating staff of the importance being placed on data protection is the first step towards significantly reducing data breaches, but there is also a need for better systems to be in place.
Councils that choose to implement full disk encryption as part of their overall data security strategy are unlikely to suffer large fines because the data is inherently protected, mitigating against any ill effects of losing a device. Organisations must remember however that to encrypt alone is not enough, they need to put an enterprise management system in place to prove that the lost or stolen device was actually encrypted when it went missing. Encryption prevents the leap from data loss to data breach, and, in the presence of proposed new legislation, has the potential to save local authorities hundreds of thousands of pounds.
Garry L McCracken, CISSP
Vice President Technology Partnerships
WinMagic Inc.
www.winmagic.com
By GarryMcCracken on Friday Feb 17