Revealed: 1,000 data breaches at Norfolk County Council over five years

One of the most common causes of data protection breaches is information being emailed to the wrong

Norfolk County Council had over a thousand data breaches since 2016 - Credit: PA

New data has revealed that Norfolk County Council experienced more than 1,200 data breaches in the past five years. 

A total of 1,226 data breaches were recorded at the council between 2016 and 2021. 

The figures looked at incidents of data breaches caused by human error over the last five years.

A data breach is when personal information about an individual is either provided to a third party who is not entitled to that information or is provided without the prior consent from the data subject.

A breakdown of county council data from the last five years showed the number of breaches increased year on year. 

Over the 2016/2017 period there were 106 breaches but from 2019 onwards there were more than 300 breaches each year.  

The council said only a very small number of the data breaches were reported to the Information Commissioner's Office (ICO).

Most Read

Helen Edwards, director of governance at Norfolk County Council, said: “We take our responsibilities to protect the data of our residents seriously.

"We encourage any breach involving personal data to be reported as this allows us to understand and improve our practices.

"The majority of our breaches relate to an email being sent to the wrong internal or external recipient and this accounts for less than 0.0016pc of the emails we send.

"On average, less than 10 of the 300 or so reported breaches each year have required us to notify the Information Commissioner's Office and in the majority of these cases they have concluded that we have already taken the appropriate action to contain and rectify the breach.” 

Norfolk County Council has previously been penalised for data breaches.

In 2017 it was fined £60,000 by the ICO for leaving files which included sensitive information about children in a cabinet sent to a second hand shop in April 2014.

The figures obtained from a Freedom of Information request by VPN Overview, a cybersecurity and data privacy website, showed the council had the sixth most data breaches out of the authorities which responded.

Hampshire County Council had the highest number of data breaches, with Gloucestershire, Lancashire, Warwickshire and East Sussex County Councils following after. 

Become a Supporter

This newspaper has been a central part of community life for many years. Our industry faces testing times, which is why we're asking for your support. Every contribution will help us continue to produce local journalism that makes a measurable difference to our community.

Become a Supporter