Council data breaches

East Devon District Council

East Devon District Council has suffered a significant data breach. As a result of the data breach 37 of the councillors have had their passwords published online.

The Council’s IT provider, Strata, in error, added the email passwords to the online profiles of the individual councillors.

Jess Bailey, the cabinet portfolio holder for corporate services of the Council was asked whether confidential information might have been accessed by other parties. The confidential information would include medical information and electoral register data.

She replied:

“In my view the actual risk of anything untoward having occurred is extremely low. However, there is no assurance that the data of residents within the emails was not accessed by anyone else. The breach is currently being investigated by the Information Commissioner Officer (ICO)”.

Unfortunately, local authority data breaches are a common occurrence. Given the private and sensitive character of the data held by the councils, breaches of personal data can be extremely distressing for those involved.

Bristol Council data breach

At the end of November Bristol City Council committed a serious personal data breach. The Council, as part of a consultation exercise, sent out a mass email to hundreds of service users. The service users are children who are either disabled or have special educational needs. But the problem was that the names and email addresses of hundreds of those children was visible to all recipients of the email.

A Bristol City Council spokesman commented:

“We are aware a breach of the General Data Protection Regulation (GDPR) has occurred and we have been in contact with those affected and have apologised. Where staff have made a mistake the matter is addressed as a training issue. Where there have been failures in policy or process any necessary changes are made to reduce the risk of a similar incident occurring in the future. In addition to an internal investigation, the ICO will also provide recommendations which Bristol City Council will act upon.”

Local councils have an obligation to protect the personal data of service users. People who have been affected by the data breaches are more likely to be prey to scams, fraud or theft as their personal data may fall into the wrong hands.

Here at DRM Legal we have found that on many occasions these data breaches are a result of human error. In other words the council is responsible for poor staff training.

If your personal data has been breached by your local council, get in touch and our team at DRM Legal will confirm if you have a data breach compensation claim.