10.02.12
Data protection breaches by five councils
Five councils have breached the Data Protection Act by failing to keep people’s personal information secure, the Information Commissioner, Christopher Graham has announced.
Basingstoke and Deane Borough Council breached the act on four separate occasions during a two month period last year. They have now signed a commitment to address the problems highlighted in each incident, including the introduction of appropriate checks to ensure personal information is handled in compliance with the act.
Brighton and Hove Council emailed the details of another member of staff’s personnel data to 2,821 council workers and have also signed a commitment. Further undertakings have also been signed by Dacorum Borough Council, Bolton Council and Craven District Council. An enforcement notice has been issued to Staffordshire County Council over its mishandling of a subject access request.
The ICO has produced guidance for local authorities explaining their obligations to keep personal information secure as well as advice on security measures to ensure this is achieved.
Graham said: “At a time when councils are increasingly working with community partners, when data is shared it is vital that they uphold their legal responsibilities under the Data Protection Act. Failures not only put local residents’ privacy at risk, but also mean that councils could be in line for a sizeable monetary penalty.
“We must also consider the detrimental impact these breaches continue to have on the individuals affected. Disclosing details about someone’s social housing status can be upsetting and damaging for those affected. To help tackle this issue I’ve submitted a business case to the government to ask for them to extend my compulsory audit powers.”
Tell us what you think – have your say below, or email us directly at [email protected]