FIVE more councils say soz for exposing people’s privates
The Information Commissioner’s Office has found that five local authorities have breached the Data Protection Act by failing to protect personal information about citizens.
Basingstoke and Deane Borough Council breached the Data Protection Act four times over two months in 2011. In one incident, which occurred in May, an individual was mistakenly sent information relating to 29 people who were living in supported housing.
The council has since signed an undertaking committing it improving its handling of private information.
In July last year, a member of staff at Brighton and Hove council emailed personal details about another council employee to 2,821 council workers. The ICO said that in the previous year a “third party” had informed it about the theft of an unencrypted laptop belonging to the council from the home of a temporary employee.
Brighton and Hove has now given a commitment to ensure that the personal information they process is secure, including making sure that all portable devices used to store personal data are encrypted.
According to the ICO, similar undertakings have also been signed by Dacorum Borough Council, Bolton Council and Craven District Council. It has also issued an enforcement notice to Staffordshire County Council over its mishandling of a subject access request.
Information Commissioner Christopher Graham said: “At a time when councils are increasingly working with community partners, when data is shared it is vital that they uphold their legal responsibilities under the Data Protection Act. Failures not only put local residents’ privacy at risk, but also mean that councils could be in line for a sizeable monetary penalty.
“We must also consider the detrimental impact these breaches continue to have on the individuals affected. Disclosing details about someone’s social housing status can be upsetting and damaging for those affected. To help tackle this issue I’ve submitted a business case to the government to ask for them to extend my compulsory audit powers.”
This article was originally published at Guardian Government Computing.
Guardian Government Computing is a business division of Guardian Professional, and covers the latest news and analysis of public sector technology. For updates on public sector IT, join the Government Computing Network here.