Personal details lost 450 times by councils
COUNCILS in the West Midlands have lost or disclosed sensitive personal details concerning private individuals over 450 times since 2011.
Despite a catalogue of blunders, only six employees have actually been fired by the councils while in 92 per cent of cases no disciplinary action was taken at all.
Across the West Midlands, there have been 453 data breaches since April 2011.
They included emails and letters sent to the wrong people and the loss of key documents, according to figures obtained under the Freedom of information act by Big Brother Watch.
Sandwell Council was the biggest offender and the second worst authority in the UK when it came to the number of times it had blundered with personal information, with 187 breaches in total.
Wolverhampton was also in the top ten worst offenders with 100 cases of data being mishandled, while Coventry was close behind with 90 cases. Birmingham performed comparatively well, with just seven leaks across the period – despite being by far the largest authority.
A Big Brother Watch spokesman said: “As it stands, data protection training is not compulsory for those handling personal information. This needs to be rectified.
“Both the public and the staff working in local authorities need to be able to trust that when a breach occurs it will be treated with the same approach across all organisations.
“This should include a duty to inform people when their personal information may have been involved in a breach.”
Across the whole of the UK, there were 4,236 data breaches between April 2011 and April 2014.
These included the theft of 68 laptops, 14 USB sticks and seven PCs as well as workers misplacing 31 BlackBerry devices, 19 USBs and 12 mobile phones.
Of the 4,236 breaches, 658 directly involved the loss of children’s data.
Big Brother Watch called for harsher punishments for serious data breaches, including jail terms, criminal records and mandatory reporting of breaches.
Data protection training should be mandatory for members of staff with access to personal information, the group adds.
Sandwell Council Jan Britton said it approach to any breaches.
She said: “While we may appear second in this list, this may well be chief executive had a robust potential data because we take the issue so seriously and because staff tell us about incidents.
“The vast majority of all reported incidents invariably turn out to be either internal mis-directed emails or mis-addressed letters.
“These account for 130 of these incidents. In all cases, the council’s first response will always be to either get the information back or to confirm it has been destroyed so it doesn’t get passed on. Where the situation does contain sensitive personal data we always communicate these incidents to the ICO (Information Commissioner’s Office).
“One of the reasons for Sandwell having such a high figure of incidents follows on from a successful internal campaign to highlight what constitutes data incidents.”
In 68 per cent of cases across the UK, no disciplinary action was taken against the employees involved in the blunders while just 50 were fired.
Only one court case relating to data protection has taken place in which an employee of Southampton Council was successfully prosecuted by the ICO for having transferred highly sensitive data to his personal email account.
The Big Brother Watch spokesman added: “A breach of trust highlights a number of major issues which need to be resolved.
“Until proper punishments for the misuse of personal information is implemented, the problem has the potential to grow, particularly as the gathering of data increases year on year with new technologies and a move to paperless systems.”