Fine threat for council over data breach
DOZENS OF data protection breaches have been uncovered at Barnsley Council over the space of three months, with the authority now facing threats of a fine over one significant incident.
Among those recorded between January and March were 14 emails sent to the wrong person and leaving documents on a printer, with one incident deemed so significant a detailed investigation has been submitted to the Information Commissioner.
In total, 32 data protection breaches were discovered, councillors have been told, all of which had to be reported to the commissioner within three days.
Although three cases were found to be unsubstantiated and another three involved either the Royal Mail or another local authority, 16 were found to be actual breaches of the Data Protection Act, with another 10 exposing weaknesses which could have caused risk to the council.
Councillors were told one was particularly serious, with an official telling members: “Unfortunately, one of these incidents was fairly significant and we did escalate it to the Information Commissioner’s Office on February 23. A detailed investigation was submitted on March 7.
“Councillors will be updated later on the outcome and whether the council is fined as a result.”
Councillors were told a number of lessons have been learned as a result, however, including that staff ensure address details are correct before sending out sensitive documents.
The disclosure comes ahead of changes to data protection legislation, which leaves all private and public-sector organisations at risk of huge fines if they breach stringent new rules which come into effect next month.
A recent audit by the Information Commissioner’s Office made 110 recommendations for action over how Barnsley Council handles data, including eight with urgent priority status.