Think your data is kept safe from prying eyes when its given to local authorities? Think again…
According to privacy campaign group Big Brother Watch, councils in the United Kingdom have committed breaches of sensitive data an average of nearly four times per day in the last three years.
“A Breach of Trust,” (PDF) a report developed by reviewing Freedom of Information requests, showed that, between April 2011 and April 2014, United Kingdom councils were part of 4,236 incidents of sensitive data being compromised. In the report, Big Brother Watch noted 628 cases of “incorrect or inappropriate” data shares via email, letter or fax. In addition, confidential data went missing 260 times, and unauthorized persons accessed or divulged data 99 times.
For example, Windsor and Maidenhead Borough Council wrongly exposed 257 people’s personal data on its intranet. Likewise, a CCTV worker used security cameras to watch a coworker’s wedding. One council employee’s laptop that held personal information for school children was stolen, and an employee left behind a print version of such information on a train.
The report stated:
“Current penalties for serious data breaches do not deter individuals who are seriously considering breaking the law. Judges presented with serious data breaches should be able to hand out custodial sentences if the perpetrator is found guilty of a serious breach.”
Recent reports show corrective action had been taken in only one in 10 of these data breaches. Furthermore, “A Breach of Trust” notes that human error is much more common than attacks on data from hackers.
After releasing this new report, Big Brother Watch has requested that local authorities regulate data breaches more closely and asked that consequences such as incarceration be considered for employees in severe circumstances of data compromise.
Emma Carr, director of Big Brother Watch said:
“Despite local councils being trusted with increasing amounts of our personal data, this report highlights that they are simply not able to say it is safe with them.
“Far more could be done to prevent and deter data breaches from occurring. Better training, reporting procedures and harsher penalties available for the most serious of data breaches, including criminal records and custodial sentences, are all required.”
In response, the Local Government Association said “councils take data protection extremely seriously.”
“Staff are given ongoing training in handling confidential data. Given the huge volume of data councils handle, breaches are proportionately rare. When they do occur, robust investigations and reviews are immediately undertaken to ensure processes are tightened.”
However Carr still questions how seriously councils handle our privacy:
“With only a tiny fraction of staff being disciplined or dismissed, this raises the question of how seriously local councils take protecting the privacy of the public.
“Far more could be done to prevent and deter data breaches. Better training, reporting procedures and harsher penalties for the most serious of data breaches, including criminal records and custodial sentences are all required. Until we see these policies implemented, the public will simply not be able to trust local councils with their data.”