Bedfordshire Council (“the Council”) has been severely criticised for breaching the data of 100 people with special educational needs (“SEND”). The data breach seems to have happened on Monday 11 May 2022, when the Council was responding to a Freedom of Information Act request.
The information was published on a website called whatdotheyknow.com and was supposed to include only statistical details. Instead, as a result of human error, the uploaded information included names, disability or special needs details and school placement information. This is of particular concern especially for adopted children and foster parents, whose names and details might have been included.
What the Council had to say about the breach
A spokesman on behalf of the Council stated:
“CBC takes its responsibility of looking after people’s personal data extremely seriously and our employees receive regular training around protecting personal and sensitive information.
“Regrettably we were made aware of data being accidentally released to a public website on Monday (May 9th) afternoon. But our officers worked swiftly to get the information removed.
“We’re extremely sorry to all of those affected and we’re in the process of contacting the families to apologise directly. We’ve reported the incident to the Information Commissioner’s Office (ICO) and will work positively with that independent authority.
“Changes have been made to our procedures already in response to this incident. We’ll quickly act on any feedback from the ICO to make our data protection systems even more robust.”
Central Bedfordshire SEND Action Group also commented on the breach stating:
“We were extremely concerned, yet unsurprised to learn about the data breach”.
“It is the latest in a long history of incompetence and disregard for the law in relation to SEND families.
‘This catastrophic mistake poses a particular safeguarding risk to fostered and adopted children and demonstrates the ongoing culture of negligence toward SEND children that has been ingrained at CBC for at least a decade.”
What happens next?
The Council might be fined by the ICO, once the ICO have finalised their investigations. But people affected by the breach could claim compensation for any loss (financial or distress) they have suffered.
If the Council have written to you to inform you of the breach or if you are worried that your information was compromised, please feel free to get in touch with DRM Legal and one of our specialist solicitors will advise you if you can bring a data breach compensation claim.