Council careless with personal information

07:40 Tuesday 11th August 2015
BBC Radio Cambridgeshire

DOTTY MCLEOD: A Freedom of Information request by the privacy group Big Brother Watch has revealed there were more than 4,000 data breaches by councils between 2011 and 2014. Around 400 of those breaches involved data being lost or stolen. Peterborough City Council recorded the fourth highest number of data breaches for a local authority with 160 incidents. Cambridgeshire County Council recorded 34. Dan Nesbitt is Research Director at Big Brother Watch. So Dan, what have you been counting up? What counts as a data breach?
DAN NESBITT: Well the personal information involved can range from names, addresses, dates of birth, and the data breach can cover all manner of things. So it could be as simple as someone posting a letter to the wrong address and all the way up to a large scale theft of personal data.
DOTTY MCLEOD: It can be even simpler can’t it than posting the letter to the wrong address. Some of these things that you’ve listed among Peterborough’s 160 cases is documents being left on the printer.
DAN NESBITT: Absolutely, and that’s why one of our recommendations was that everyone gets mandatory data protection training if they’re going to be handling personal information so they know exactly what they need to do, and we can cut down on these mistakes that are happening. Because a lot of them are just silly mistakes.
DOTTY MCLEOD: Is it a big deal though, if something is left on a printer for five minutes? It’s still within the City Council building, isn’t it.
DAN NESBITT: Well it’s within the council building, but at the same time not everyone in that building may have the right authorisation to look at that information, and this is still people’s information that they have handed over to the council on trust that it will be kept safe, secure, and used only for their benefit.
DOTTY MCLEOD: Some people might say that it is to Peterborough City Council’s credit that they have logged even these pretty minor examples of data protection breaches.
DAN NESBITT: It’s good that they do have what looks like a quite robust reporting mechanism, but the issue still is that those breaches are still happening. So we need to look into why they’re happening, and hopefully then we can get some action to rectify them.
DOTTY MCLEOD: So why are you so worried about this? What’s the worst case scenario Dan?
DAN NESBITT: Well all manner of things can happen to this data in the worst case scenario. So in the very worst cases we can have people selling on types of information, or using it for some form of identity fraud. At a lower end of the spectrum it just isn’t very helpful to people trusting councils with their information if these small mistakes are happening.
DOTTY MCLEOD: So there’s roughly been 4200 data breaches at councils across the whole country over three years. Is that a big number?
DAN NESBITT: Well it’s a significant number. I think people, as I said earlier, trust that this information is going to be kept secure. It’s not a thing that everyone should be panicking about, but it’s something I think the council should be concerned about, and should be taking action to rectify.
DOTTY MCLEOD: Peterborough City Council have said “... the vast majority of breaches are very low in terms of the number of people affected, which illustrates how effective our reporting is. We’ve invested a lot of time into staff training to raise awareness, and this has led to a significant drop in breaches over the last twelve months.” What’s your reaction to that statement Dan?
DAN NESBITT: Well it sounds good that they are taking action to rectify it, but as our research has shown, before they ever (UNCLEAR) which is why it’s still happening. So it will be good to see what happens in the future, and whether these breaches continue to fall.
DOTTY MCLEOD: Dan Nesbitt there, Research Director at Big Brother Watch. Just the final sentence of that statement from Peterborough City Council, they add that “they treat the data they hold very seriously and will continue to take a tough approach on data breaches, acting quickly if a future breach occurs.” Also 34 data breaches at Cambridgeshire County Council. And this from them: “Many of our staff deal with sensitive information every day and using and sharing such information is a vital part of providing services. In the small number of cases where things go wrong, we ensure these are reported and acted upon quickly. Every incident or potential incident is investigated so that we can take immediate action to address any concerns from the specific case whilst learning lessons to try and prevent it happening again.”