Hundreds of data protection breaches investigated at Norfolk and Suffolk councils
- Credit: PA
There have been hundreds of data protection breaches at our councils in the last two years, including information sent to the wrong people, being lost or even stolen.
This newspaper asked Norfolk County Council for details of data protection breaches under the Freedom of Information Act, after it was fined £60,000 by the Information Commissioner's Office (ICO) in March for leaving files that included sensitive information about children in a cabinet sent to a second hand shop in April 2014.
In the same year, another serious data protection breach was referred to the ICO by the council. In this case information was left insecure and released 'inappropriately' to a third person, the council said.
The ICO visited the council last year to investigate its data protection measures.
It found there was 'reasonable assurance' that 'processes and procedures are in place and delivering data protection compliance'.
You may also want to watch:
However, over the last two years, there have been 280 breaches investigated by the council. The most common was information being sent to the wrong email or postal address. This happened 112 times.
That was followed by information 'inappropriately' disclosed in writing or orally to people outside of the council, which happened 67 times.
- 1 Pedestrian dies after being hit by lorry on A47
- 2 Tributes as Leanne, 29, dies after receiving cancer 'all-clear'
- 3 Major rush hour delays expected as crash involving lorry closes part of A47
- 4 Norfolk receives overnight flood warnings
- 5 Pupil taken to hospital after incident at Thorpe St Andrew school
- 6 Flood warnings along Norfolk coast, with Wells flood gate in place
- 7 'It was like a river' - Flood damage forces couple to move out
- 8 Horse dies two months after being set on fire
- 9 New Tesco store to open in coastal town centre
- 10 Two Norfolk care homes among the best in region
There were also breaches from equipment being stolen (once), and information or equipment being lost (12 times).
On six occasions information was inappropriately accessed by council employees.
This newspaper also asked the council how many of these breaches resulted in disciplinary proceedings. They said this happened in a 'small number of cases' but would not say how many.
A spokesman for the council said: 'We handle a huge amount of personal data every day and we take our duty to protect data seriously. So we decided to record every data incident no matter how small and carefully investigate and review these incidents with a view to taking our findings into account in our procedures for staff and in our training.
'In many cases there has been no loss of data or sharing of data outside of the authority; for example, many relate to emails sent to the wrong person within the organisation.'