Hundreds of data protection breaches investigated at Norfolk and Suffolk councils
- Credit: PA
There have been hundreds of data protection breaches at our councils in the last two years, including information sent to the wrong people, being lost or even stolen.
This newspaper asked Norfolk County Council for details of data protection breaches under the Freedom of Information Act, after it was fined £60,000 by the Information Commissioner's Office (ICO) in March for leaving files that included sensitive information about children in a cabinet sent to a second hand shop in April 2014.
In the same year, another serious data protection breach was referred to the ICO by the council. In this case information was left insecure and released 'inappropriately' to a third person, the council said.
The ICO visited the council last year to investigate its data protection measures.
It found there was 'reasonable assurance' that 'processes and procedures are in place and delivering data protection compliance'.
You may also want to watch:
However, over the last two years, there have been 280 breaches investigated by the council. The most common was information being sent to the wrong email or postal address. This happened 112 times.
That was followed by information 'inappropriately' disclosed in writing or orally to people outside of the council, which happened 67 times.
- 1 Londoners fined for travelling to stay at second home in Norfolk
- 2 Man in 20s dies and three hurt as Audi crashes into wall
- 3 'Fighting every shift' - intensive care nurse's harrowing Covid video diary
- 4 Met Office warns of snow at weekend
- 5 School shuts 20 minutes before opening time after staff Covid case
- 6 Staff lose jobs at retailer Outfit with plans to close permanently
- 7 'Extraordinary' outbreak of Covid in Norwich prison
- 8 Boss locked out of own salon after Covid 'vigilantes' glue door shut
- 9 A148 shut for 'most of morning' after serious crash
- 10 Military personnel deployed to help N&N cope with Covid pressures
There were also breaches from equipment being stolen (once), and information or equipment being lost (12 times).
On six occasions information was inappropriately accessed by council employees.
This newspaper also asked the council how many of these breaches resulted in disciplinary proceedings. They said this happened in a 'small number of cases' but would not say how many.
A spokesman for the council said: 'We handle a huge amount of personal data every day and we take our duty to protect data seriously. So we decided to record every data incident no matter how small and carefully investigate and review these incidents with a view to taking our findings into account in our procedures for staff and in our training.
'In many cases there has been no loss of data or sharing of data outside of the authority; for example, many relate to emails sent to the wrong person within the organisation.'