IT Systems and Data Protection

01.09.17

County fined £70,000 over ‘inexcusable’ personal data breach

Nottinghamshire County Council has been fined £70,000 by the Information Commissioner’s Office (ICO) following a serious data protection breach that left vulnerable people’s personal information online for five years.

Despite the Data Protection Act requiring organisations to keep personal data secure, the local authority posted the gender, addresses, postcodes and care requirements of elderly and disabled people in an online directory which didn’t have basic security or access restrictions.

The matter was only discovered after a member of the public using a search engine was able to access and view the data without the need to log in. The information also revealed whether or not the vulnerable people were still in hospital.

Steve Eckersley, ICO head of enforcement, said this was a serious and prolonged breach of the law.

“For no good reason, the council overlooked the need to put robust measures in place to protect people’s personal information, despite having the financial and staffing resources available,” he added.

“Given the sensitive nature of the personal data and the vulnerability of the people involved, this was totally unacceptable and inexcusable. Organisations need to understand that they have to treat the security of data as seriously as they take the security of their premises or their finances.”

The council had launched its ‘Home Care Allocation System’ (HCAS), an online portal allowing social care providers to confirm that they had capacity to support a particular service user, in July 2011. When the breach was reported in June 2016, the HCAS contained a directory of 81 service users. It is understood the data of 3,000 people had been posted in the five years the system was online.

Although the names of the service users were not included, the ICO noted that a determined person would be able to identify them. The regulator added that the county council offered no mitigation.

Responding to the fine, Caroline Baria, adult social care service director at Nottinghamshire County Council, said the local authority takes its responsibility for data security extremely seriously “so we are very sorry that this error occurred and wholeheartedly accept the Information Commissioner’s findings”.

“As soon as this matter came to our attention we removed the home care directory from the internet and reported the incident to the commissioner,” she said. “At the time, the directory included partial addresses and a brief outline of the care needs of 81 people who have required home care services, but the information did not contain any names or house numbers.

“A full review of procedures has been carried out and we are now using a different system for home care providers outside of the internet.”

Nottinghamshire is the latest authority to have been reprimanded by the ICO, with Basildon Borough Council recently being hit with a £150,000 fine after publishing personal information online and Gloucester City Council being hit with a £100,000 penalty aster a cyber-attack exposed information about its employees to hackers.

Have you got a story to tell? Would you like to become a PSE columnist? If so, click here

Comments

There are no comments. Why not be the first?

Add your comment

 

public sector executive tv

more videos >

latest public sector news

District and borough authorities begin challenge against Nottinghamshire super-council

20/07/2018District and borough authorities begin challenge against Nottinghamshire super-council

Gedling council members have emphatically outlined their stance against a potential mega-merger in Nottinghamshire that could see borough and dis... more >
Northamptonshire new CEO approved by Full Council to lead area through ‘unprecedented time of change’

20/07/2018Northamptonshire new CEO approved by Full Council to lead area through ‘unprecedented time of change’

Northamptonshire County Council’s new chief executive has been endorsed at the authority’s Full Council meeting yesterday, with the a... more >
‘Naming and shaming index’ for bankrupt councils fails to offer genuine solution

20/07/2018‘Naming and shaming index’ for bankrupt councils fails to offer genuine solution

An index designed to measure councils’ financial resilience in order to avoid another Northamptonshire-style fiasco would actually risk ove... more >

editor's comment

25/10/2017Take a moment to celebrate

Devolution, restructuring and widespread service reform: from a journalist’s perspective, it’s never been a more exciting time to report on the public sector. That’s why I could not be more thrilled to be taking over the reins at PSE at this key juncture. There could not be a feature that more perfectly encapsulates this... read more >

last word

The importance of openness after Grenfell

The importance of openness after Grenfell

Following the recent Grenfell Tower tragedy, Lord Porter, chairman of the LGA, argues that if the public are going to have faith in the safety testing process then everything must be out in the o... more > more last word articles >
District and borough authorities begin challenge against Nottinghamshire super-council

20/07/2018District and borough authorities begin challenge against Nottinghamshire super-council

Gedling council members have emphatically outlined their stance against a potential mega-merger in Nottinghamshire that could see borough and district authorities being scrapped. Nottinghams... more >
Northamptonshire new CEO approved by Full Council to lead area through ‘unprecedented time of change’

20/07/2018Northamptonshire new CEO approved by Full Council to lead area through ‘unprecedented time of change’

Northamptonshire County Council’s new chief executive has been endorsed at the authority’s Full Council meeting yesterday, with the authority’s leader saying the new CEO “... more >

the raven's daily blog

One step closer to voter IDs at elections

19/07/2018One step closer to voter IDs at elections

Chloe Smith MP, Minister for the Constitution, evaluates the outcomes of the voter ID pilots conducted at the last local elections. We are one step closer to strengthening the integrity of our electoral system through requiring electors to confirm their identity before they vote, building on the government’s commitment to safeguard ... more >
read more blog posts from 'the raven' >

comment

One step closer to voter IDs at elections

19/07/2018One step closer to voter IDs at elections

Chloe Smith MP, Minister for the Constitution, evaluates the outcomes of the voter ID pilots conducted at the last local elections. We are o... more >
Accountability in government: what next?

02/07/2018Accountability in government: what next?

Benoit Guerin, senior researcher at the Institute for Government (IfG), explains why accountability in government needs improving and sets out wh... more >
Potholes: The scourge of the roads

02/07/2018Potholes: The scourge of the roads

Potholes are a scourge on our roads and can have much farther-reaching consequences than one might think. Re-routing just a small amount of exist... more >
Can data save the future of children?

02/07/2018Can data save the future of children?

Ingrid Koehler, service innovation lead at the LGiU, takes a look at the untapped potential for a digital, data-led transformation of children&rs... more >

interviews

Data at the heart of digital transformation

03/04/2018Data at the heart of digital transformation

SPONSORED INTERVIEW Grant Caley, UK & Ireland chief technologist at NetApp, speaks to PSE’s Luana Salles about the benefits of movin... more >
GDPR: The public sector scarecrow

03/04/2018GDPR: The public sector scarecrow

SPONSORED INTERVIEW PSE’s Josh Mines chats to Martin de Martini, CIO of Y Soft, about what the General Data Protection Regulation (GDPR)... more >
Keeping London safe

05/03/2018Keeping London safe

Theo Blackwell, London’s first-ever chief digital officer (CDO), speaks to PSE’s Luana Salles about the role he plays in ensuring the... more >
BIM: Digitising the public sector

19/02/2018BIM: Digitising the public sector

PSE’s Josh Mines talks to Stephen Crompton, CTO at GroupBC, and Stuart Bell, the company’s sales and marketing director, about how Bu... more >

public sector focus

View all News