There is an underlying problem with data protection in local government
The Information Commissioner’s Office (ICO) has criticised local government’s attitude towards protecting personal data, after four local councils were issued civil monetary penalties.
Leeds City Council was served a monetary penalty of £95,000, Plymouth City Council £60,000 and Devon County Council £90,000 after separate incidents saw details of child care cases sent to the wrong recipients, while the London Borough of Lewisham was issued a penalty of £70,000 after social work papers were left on a train.
The penalties mean that nineteen local councils have now received monetary penalties for breaching the Data Protection Act, totalling £1,885,000.
Information Commissioner Christopher Graham said:
“We are fast approaching two million pounds worth of monetary penalties issued to UK councils for breaching the Data Protection Act, with nineteen councils failing to have the most straightforward of procedures in place
“It would be far too easy to consider these breaches as simple human error. The reality is that they are caused by councils treating sensitive personal data in the same routine way they would deal with more general correspondence. Far too often in these cases, the councils do not appear to have acknowledged that the data they are handling is about real people, and often the more vulnerable members of society.
“The distress that these incidents would have caused to the people involved is obvious. The penalties we have issued will be of little solace to them, but we do hope it will stop other people having to endure similar distress by sending out a clear message that this type of approach to personal data will not be tolerated.
“There is clearly an underlying problem with data protection in local government and we will be meeting with stakeholders from across the sector to discuss how we can support them in addressing these problems.”
The ICO is pressing the Ministry of Justice for stronger powers to audit local councils’ data protection compliance, if necessary without consent. The same powers are sought for NHS bodies across the UK following a series of data protection breaches in the health sector.
Visit the Information Commissioner’s Office to find out more about this article.