The BBC reports on findings by Big Brother Watch that 132 local authorities lose sensitive information including details of children in care. The failings were uncovered using Freedom of Information requests and at least 1035 incidents of data being lost and stolen.
At least 244 laptops and portable computers were lost. A minimum of 98 memory sticks and more than 93 mobile devices went missing. Of the 1035 incidents, local authorities reported that just 55 were reported to the Information Commissioner’s Office while just 9 incidents resulted in termination of employment.
Nick Pickles, director of Big Brother Watch, said:
“This research highlights a shockingly lax attitude to protecting confidential information across nearly a third of councils. The fact that only a tiny fraction of staff have been dismissed brings into question how seriously managers take protecting the privacy of their service users and local residents.
“For more than 3,000 children and young people to have their personal information compromised is deeply disturbing, as in most cases parents will not be aware of the incidents. However, equally concerning is that 263 local authorities claim to have not lost a single mobile phone or memory stick, which seems surprising given the scale of loss in other authorities and the private sector.
“As just 55 of these incidents were reported to the Information Commissioner’s Office, there is a clear need for the ICO to have the power to audit organisations without needing their consent to ensure that the ICO is fully aware of data protection breaches.
“Despite having access to increasing amounts of data and being responsible for even more services, local authorities are simply not able to say our personal information is safe with them.”
Cases included an unencrypted memory stick containing highly confidential childcare data being lost on a Durham Street, a Kensington and Chelsea council employee losing documents in a pub including name, address, date of birth, health reports, income reports and photographs of service users and scanned case notes belonging to Kent Council being found on Facebook.
They also included a 50 page dossier from Northamptonshire Children and Young People's Services sent to the wrong parent, a briefcase left in a car park containing caseworker notes of approximately 20 service users, Buckinghamshire County Council revealing 2,000 email addresses in a public mailshot and a North Somerset email account being compromised in a phishing attack.
The top ten worst offending authorities were:
- Buckinghamshire (72 incidents)
- Kent (72)
- Essex (62)
- Northamptonshire (48)
- North Yorkshire (46)
- Renfrewshire (41)
- West Sussex (36)
- Tower Hamlets (31)
- Telford and Wrekin (30)
- Cornwall (25)