Birmingham City Council has suffered a serious data breach incident in which information relating to “vulnerable” children. Their data was mistakenly uploaded to a Brum account, a website that allows taxpayers to access services offered by the local authority. The authority has said that the breach happened as a result of human error – with a staff member mistakenly uploading the private information.
By email of 19 March, the authority confirmed that data relating to youngsters entitled to free bus passes was uploaded in error by staff and was “potentially available externally”. The information was taken down promptly and although it might be argued that the data breach is of little consequence, the Council reported the incident to the Information Commissioner’s Office (ICO) “due to the scale and serious nature of this incident”.
Even though the ICO concluded that no further investigation was necessary the details of children could have easily been accessed by unauthorised third parties. And this could place those children at high risk of being targeted by people with malicious intent, such as organized crime gangs running county lines drugs distribution networks.
Birmingham City Council’s data breach is yet another reminder that it is critically important that staff members employed by local authorities are appropriately trained in data protection and security measures and the implications of non-compliance with such measures.
If you have suffered distress because of an unauthorised disclosure by local authorities, you might be eligible to make a claim for compensation. Please get in touch with DRM Legal and one of our data breach specialists will explain your entitlement to compensation.