Norfolk County Council sells filing cabinet with confidential information still inside

Norfolk County Council. County Hall. Photo : Steve Adams

Norfolk County Council. County Hall. Photo : Steve Adams - Credit: Archant

Personal details of some of the region's most vulnerable people has been lost, misused or mistakenly shared in a string of blunders - including one where a council sold a filing cabinet which still contained confidential files.

New figures have revealed the number of data breaches at local authorities in Norfolk, Suffolk and Cambridgeshire over the past year, with more than 200 incidents where information councils are entrusted with was not handled properly.

One of the most shocking blunders came in Norfolk where confidential files containing details of adults and children was left in a filing cabinet which was sold following an office move.

Norfolk County Council said the cabinet had been removed by a private company and sold. The council said the information left in it was retrieved from the buyer within an hour of it being reported.

Further checks were made to ensure no files had been left in other cabinets which has been sold. The council reported itself to the Information Commissioner's Office - the independent watchdog which checks up on how information is handed - and has yet to hear if action will be taken. The council says it has introduced tighter processes for office closures.

That was one of 165 breaches at County Hall, revealed using the Freedom Of Information Act, many of which are still being investigated.

The bulk were human error, such as emails and letters, containing confidential information, being sent to the wrong person.

Most Read

In another instance, a social worker was disciplined after contravening confidentiality by looking up a family member in the council's records. The council refused to reveal what that disciplinary action was.

Mobile phones, blackberries and laptops have also been lost, while at least two adult social care case files have gone missing. The council says those have probably been 'misfiled'.

Anne Gibson, executive director of resources at Norfolk County Council said: 'We have about 6,000 people working at the council, and on any one day they handle literally thousands of pieces of personal information.

'Thankfully, data protection breaches are not common but we take the security of information very seriously, and we are sorry for any instances where the council has not looked after information properly.

'We are driving forward higher standards for data security, and staff are in no doubt about the need to care for personal information carefully at all times.' She said that was backed up by training and stressed the authority expected every incident to be reported and people held to account.

Suffolk County Council had 42 breaches between March last year and April this year, of which 36 were 'human error', while Cambridgeshire County Council had 14. That included a member of the public finding an unencrypted memory stick containing confidential information and a laptop being stolen from a children's home.

There were also eight breaches at Norwich City Council and one at North Norfolk District Council.

• Do you have a story about a local council? Call reporter Dan Grimmer on 01603 772375 or email

Become a Supporter

This newspaper has been a central part of community life for many years. Our industry faces testing times, which is why we're asking for your support. Every contribution will help us continue to produce local journalism that makes a measurable difference to our community.

Become a Supporter