Lincolnshire County Council in top 10 for data breaches

New research has put Lincolnshire County Council in the top 10 local authorities for data breaches in the country.

The County Council has been ranked 8 out of 10 in the report called A Breach of Trust from Big Brother Watch, with 103 data breaches between April 2011 – 2014.

The data was collated through freedom of information requests to all English county councils, but only 17 supplied information.

Local authorities that have reported the largest number of data breaches between April 2011-2014. Data: Big Brother Watch

Emma Carr, Director of privacy campaign group Big Brother Watch, said: “Despite local councils being trusted with increasing amounts of our personal data, this report highlights that they are simply not able to say it is safe with them.

“Far more could be done to prevent and deter data breaches from occurring. Better training, reporting procedures and harsher penalties available for the most serious of data breaches, including criminal records and custodial sentences are all required.”

Judith Hetherington Smith, the County Council’s Chief Information and Commissioning Officer, said: “This report shows that we take the safety of personal information very seriously.

“From 27 English county councils, 10 didn’t provide this information. We were able to respond because we have a clear process for staff to follow if data protection regulations are breached.

“We record each incident and investigate every one – no matter how minor the breach. Where appropriate we contact people affected by data breaches to advise that an incident has occurred.

“The majority of reported breaches are due to genuine staff errors which are difficult to prevent, however all of our staff already carry out compulsory training in protecting personal information. Some of the incidents involved IT equipment being stolen or lost.

“We encrypt all of our IT devices, to make the chances of personal data being retrieved from them very low. We use secure email services to transfer personal information, and review our policies regularly to ensure we change our procedures if necessary.”

In the Big Brother Watch report, there were no notable examples of data breaches from Lincolnshire County Council.

The Lincolnite previously reported a data breach which led to the names and email addresses of more than 4,000 people being sent to some 250 email addresses – which happened in August 2014 and fell outside the scope of the study FOI.

Meanwhile, other notable examples from the report included:

• Cheshire East: Inappropriate use of CCTV was reported. A CCTV operator watched part of the wedding of a member of the CCTV team. They were issued with a “management instruction” on future use of equipment.
• Lewisham Council: A social worker accidentally left a bundle of papers on the train. The bundle included personal and sensitive data relating to 10 children, including: names, addresses, date of birth, and third party information in relation to sex offenders, police reports and child protection reports. The individual involved resigned during disciplinary procedures.
• Glasgow City Council: 75% of the 197 reported instances of loss or theft of equipment highlighted in Breach of Trust took place at Glasgow City Council.
• Aberdeenshire City Council: An unencrypted laptop containing the details of 200 schoolchildren was stolen. The laptop was later recovered. No disciplinary action was taken but the matter was reported to the Information Commissioner’s Office.