Councils ‘ lose’ personal data of thousands
COUNCILS have lost or wrongly shared the personal i nf ormation of t e ns of thousands of people, a new report reveals today.
Scotland’s local authorities were responsible for 347 data blunders between April 2011 and April 2014.
Three- quarters of reports of loss or theft of equipment such as laptops in the report took place at Glasgow City Council.
Breaches also i ncluded an unencrypted laptop containing the details of 200 schoolchildren being stolen from Aberdeenshire City Council.
Across the UK, officials are breaching data rules at least four times a day.
The ‘shockingly lax attitudes’ local authorities show towards protecting private records is revealed in the study by civil liberties group Big Brother Watch.
It found UK councils committed 4,236 data breaches between 2011 and 2014, compared to 1,035 in the previous three years.
In many cases, a single breach would involve the disappearance, theft or inappropriate sharing of personal information on hundreds or thousands of people.
Glasgow City Council was fined £150,000 by information watchdogs in 2013 following the theft of two unencrypted laptops which held 20,143 names and addresses, along with the bank details of more than 6,000 people.
In East Cheshire, a CCTV operator used cameras to snoop on a colleague’s wedding.
Despite the scale of the problem, only one person has been prosecuted. Paul Hedges, 44, a leisure centre boss for Southampton City Council, was fined £4,300 after stealing computer files containing the personal and medical details of nearly 2,500 clients when he learned he was to be made redundant.
Now Big Brother Watch has called for prison sentences for the most serious breaches of the Data Protection Act.
Director Emma Carr said: ‘ Despite local councils being trusted with increasing amounts of our personal data, this report highlights that they are simply not able to say it is safe with them. A number of examples show shockingly lax attitudes to protecting confidential information.
‘With only a tiny fraction of staff being disciplined or dismissed, this raises the question of how seriously local councils take protecting the privacy of the public.’
In Scotland, 197 mobile phones, computers and USB sticks were lost or stolen. Of these, 148 – 75 per cent – were in Glasgow.
A Glasgow City Council spokesman said: ‘These figures reflect our extremely robust procedures for reporting on the potential loss of data. Our mobile devices are routinely protected by encryption and we have i ntroduced a programme of mandatory data protection training for staff.
‘We are already adhering to all the recommendations in this report that could reasonably apply to a local authority.’
An Aberdeenshire Council spokesman said: ‘In August 2011, a laptop containing school pupil reports, language profiles and l essons was stolen during a break-in of an employee’s locked home. The laptop was later recovered by police and no disciplinary action was taken as the member of staff was not at fault.
‘Aberdeenshire Council was at the time in the process of encrypting all laptops, a process that has since been completed. All council employees must undertake mandatory training surrounding the Data Protection Act 1998 as part of staff induction.’