IT Systems and Data Protection

01.09.17

County fined £70,000 over ‘inexcusable’ personal data breach

Nottinghamshire County Council has been fined £70,000 by the Information Commissioner’s Office (ICO) following a serious data protection breach that left vulnerable people’s personal information online for five years.

Despite the Data Protection Act requiring organisations to keep personal data secure, the local authority posted the gender, addresses, postcodes and care requirements of elderly and disabled people in an online directory which didn’t have basic security or access restrictions.

The matter was only discovered after a member of the public using a search engine was able to access and view the data without the need to log in. The information also revealed whether or not the vulnerable people were still in hospital.

Steve Eckersley, ICO head of enforcement, said this was a serious and prolonged breach of the law.

“For no good reason, the council overlooked the need to put robust measures in place to protect people’s personal information, despite having the financial and staffing resources available,” he added.

“Given the sensitive nature of the personal data and the vulnerability of the people involved, this was totally unacceptable and inexcusable. Organisations need to understand that they have to treat the security of data as seriously as they take the security of their premises or their finances.”

The council had launched its ‘Home Care Allocation System’ (HCAS), an online portal allowing social care providers to confirm that they had capacity to support a particular service user, in July 2011. When the breach was reported in June 2016, the HCAS contained a directory of 81 service users. It is understood the data of 3,000 people had been posted in the five years the system was online.

Although the names of the service users were not included, the ICO noted that a determined person would be able to identify them. The regulator added that the county council offered no mitigation.

Responding to the fine, Caroline Baria, adult social care service director at Nottinghamshire County Council, said the local authority takes its responsibility for data security extremely seriously “so we are very sorry that this error occurred and wholeheartedly accept the Information Commissioner’s findings”.

“As soon as this matter came to our attention we removed the home care directory from the internet and reported the incident to the commissioner,” she said. “At the time, the directory included partial addresses and a brief outline of the care needs of 81 people who have required home care services, but the information did not contain any names or house numbers.

“A full review of procedures has been carried out and we are now using a different system for home care providers outside of the internet.”

Nottinghamshire is the latest authority to have been reprimanded by the ICO, with Basildon Borough Council recently being hit with a £150,000 fine after publishing personal information online and Gloucester City Council being hit with a £100,000 penalty aster a cyber-attack exposed information about its employees to hackers.

Have you got a story to tell? Would you like to become a PSE columnist? If so, click here

Comments

There are no comments. Why not be the first?

Add your comment

 

public sector executive tv

more videos >

latest public sector news

Metro mayors call on PM to review criteria for allocation of housing funding

20/02/2018Metro mayors call on PM to review criteria for allocation of housing funding

Four metro mayors have written an open letter to the prime minister calling for more investment in brownfield sites in their cities. Andy Burnha... more >
Parliament told to vote on boundary review as soon as possible

20/02/2018Parliament told to vote on boundary review as soon as possible

The House of Commons should vote as soon as possible on whether to continue with the parliamentary boundary review, the Public Administration and C... more >
Seven council staff members arrested in fraud investigation

19/02/2018Seven council staff members arrested in fraud investigation

Seven members of staff at Cardiff Council have been arrested on suspicion of fraud. A council spokesperson confirmed that eight people were ... more >

editor's comment

25/10/2017Take a moment to celebrate

Devolution, restructuring and widespread service reform: from a journalist’s perspective, it’s never been a more exciting time to report on the public sector. That’s why I could not be more thrilled to be taking over the reins at PSE at this key juncture. There could not be a feature that more perfectly encapsulates this... read more >

last word

The importance of openness after Grenfell

The importance of openness after Grenfell

Following the recent Grenfell Tower tragedy, Lord Porter, chairman of the LGA, argues that if the public are going to have faith in the safety testing process then everything must be out in the o... more > more last word articles >
Metro mayors call on PM to review criteria for allocation of housing funding

20/02/2018Metro mayors call on PM to review criteria for allocation of housing funding

Four metro mayors have written an open letter to the prime minister calling for more investment in brownfield sites in their cities. Andy Burnham, mayor of Greater Manchester, Andy Street, mayor... more >
Parliament told to vote on boundary review as soon as possible

20/02/2018Parliament told to vote on boundary review as soon as possible

The House of Commons should vote as soon as possible on whether to continue with the parliamentary boundary review, the Public Administration and Constitutional Affairs Committee (PACAC) has argued... more >

the raven's daily blog

Whole of government must act together to fulfil the ambition of the Industrial Strategy

11/12/2017Whole of government must act together to fulfil the ambition of the Industrial Strategy

Jen Rae, head of innovation policy at Nesta, says the aims in the government’s new Industrial Strategy are ambitious, but will require a shift in policymaking in order to be realised in full. Last Monday saw the long-awaited launch of the UK’s new Industrial Strategy, the government’s plan for prosperity and growth in a ... more >
read more blog posts from 'the raven' >

comment

Lord Porter: Uncharted waters

19/02/2018Lord Porter: Uncharted waters

Lord Porter CBE, chairman of the LGA, analyses the expected impact of the final local government finance settlement on councils of all shapes and... more >
Fixing the broken housing market

19/02/2018Fixing the broken housing market

Joe Anderson, mayor of Liverpool and leader of Liverpool City Council, discusses how the authority’s newly formed company Foundations is wo... more >
The power of apprenticeships

14/02/2018The power of apprenticeships

David Willett, corporate director at The Open University, describes how the apprenticeship levy can help public sector organisations unlock leade... more >
Building connected communities

22/12/2017Building connected communities

Andrew Walker, policy researcher at the Local Government Information Unit (LGiU), argues councils must be supported to develop good connectivity ... more >

interviews

BIM: Digitising the public sector

19/02/2018BIM: Digitising the public sector

PSE’s Josh Mines talks to Stephen Crompton, CTO at GroupBC, and Stuart Bell, the company’s sales and marketing director, about how Bu... more >
Duncan Selbie: The energy of devolution

19/02/2018Duncan Selbie: The energy of devolution

The NHS plays a part in keeping the country well – but when it comes to places and their people, local government has a major role to fulfi... more >
Are we taking a risk on education?

14/12/2017Are we taking a risk on education?

Adrian Prandle, director of economic strategy and negotiations at the National Education Union (NEU), questions the stark lack of announcements a... more >
A fantastic opportunity awaits you

11/12/2017A fantastic opportunity awaits you

Eight months on from the government’s announcement of major training reforms, Anne Milton, minister for apprenticeships and skills at the D... more >

public sector focus

View all News