Councils misused & lost citizens’ data thousands of times - privacy watchdog

© Jim Urquhart
Privacy rights campaigners are demanding that UK council staff face prosecution after an investigation revealed government employees stole, lost or inappropriately accessed citizens’ sensitive material over 4,000 times.

A study by Big Brother Watch, published on Tuesday, revealed councils recorded 4,236 data breaches over a three-year period from April 2011 to April 2014 – a rate of nearly four a day.

In one case, sensitive information about children and sex offenders was left on a train, while in another an employee at Thanet Council in Kent was fired after accessing benefit claim records “inappropriately.”

The privacy watchdog criticized councils for their “shockingly lax attitudes to protecting confidential information.”

Researchers at the campaign group based their study on a slew of Freedom of Information (FoI) requests sent to each local authority in the UK.

They discovered that fewer than one in 10 council workers were punished for privacy breaches, while staff resigned in 39 cases and 50 employees were dismissed.

Big Brother Watch director Emma Carr called on the government to introduce custodial sentences for serious data breaches, citing a concern about how councils handle the issue.

Despite local councils being trusted with increasing amounts of our personal data this report highlights that they are simply not able to say it is safe with them,” she said.

A number of examples show shockingly lax attitudes to protecting confidential information. For so many children and young people to have had their personal information compromised is deeply disturbing.”

Carr went on to argue only a tiny proportion of staffers who violated citizens’ privacy rights had been held accountable. She warned this “raises the question of how seriously local councils take protecting the privacy of the public.”

Big Brother Watch’s findings revealed that data was stolen on 401 occasions, with 628 cases of incorrect or inappropriate information being shared on emails, letters and faxes.

Data breaches linked to children took place on 658 occasions, while confidential information was compromised 260 times.

The organization also found that a total of 197 mobile phones, computers, tablets and USBs were lost or stolen.

More than 5,000 letters were sent to the wrong address or included content meant for another recipient, while there were 99 cases of unauthorized access to or disclosure of data.

On one occasion revealed in the study, a CCTV operator at Cheshire East Council used cameras to watch part of the wedding of a fellow member of their team.

A spokesman for the Local Government Association insisted data security is taken very seriously by civil servants.

"Councils take data protection extremely seriously and staff are given ongoing training in handling confidential data,” he said on Tuesday.

"When [breaches] do occur, robust investigations and reviews are immediately undertaken to ensure processes are tightened."