Technology experts have urged councils to improve their data management, after a comprehensive Freedom of Information survey revealed town halls had lost the personal details of more than 160,000 people over the past five years.
According to the Bureau of Investigative Journalism, the personal details of 26,000 people went missing in the first half of 2011 alone.
The greatest single leak occurred in 2009, when Birmingham City Council found it had lost track of a USB stick containing the personal details of 64,000 social housing tenants. Information contained included contact details and dates of birth. The council informed all those affected and has since taken steps to improve information security by password protecting USB sticks.
In May, Rochdale MBC reported the loss of an unencrypted memory stick holding personal data and housing information on 18,904 housing tenants.
The council, which is subject to an investigation by the Information Commissioner’s Office, which can fine organisations £500,000 for serious breaches of the Data Protection Act, is yet to notify victims or implement disciplinary measures.
On 2 September the data watchdog forced the Scottish Children’s Reporter Administration to sign an undertaking for two serious lapses.
The first concerned the abandonment of nine sensitive case files in a cabinet subsequently sold on to a second-hand furniture shop. In a second case, legal papers for a court hearing, which included details of physical abuse and the identities of a child’s mother and witnesses, were sent to the wrong email address.
Mark Brett, policy and programme manager for local government IT experts SOCITM, told The MJ lack of consistency in information security standards plagues the sector. He also noted that, in certain high-profile cases, the determined efforts of pro-active chief information officers had been stymied by people at ground level doing very silly and avoidable things.
Mr Brett warning that some senior managers don’t fully understand the risks and consequences of data-breaches and advised councils to raise vigilance at all levels through staff awareness training and a greater use of common sense. Many security threats would be nullified ‘if people treated personal information in the same way they treated personal money or valuables’, he said.
