Mark Whitehead 01 September 2017

County fined £70,000 for 'serious and prolonged' data breach

County fined £70,000 for serious and prolonged data breach image

Nottinghamshire County Council has apologised for leaving vulnerable people’s personal information exposed online after being fined £70,000 by data protection watchdogs.

It admitted that leaving the gender, addresses, postcodes and care requirements of elderly and disabled people in an online directory which had no basic security or access restrictions such as a username or password was a mistake.

A member of the public raised the alarm after realising they could access and view the data without logging in and worried it could be used by criminals to target vulnerable people.

Information Commissioner’s Office head of enforcement Steve Eckersley said it had been a 'serious and prolonged' breach of the Data Protection Act.

'For no good reason, the council overlooked the need to put robust measures in place to protect people’s personal information, despite having the financial and staffing resources available.

'Given the sensitive nature of the personal data and the vulnerability of the people involved, this was totally unacceptable and inexcusable.'

Caroline Baria, the council's adult social care service director, said: 'Nottinghamshire County Council takes its responsibility for data security extremely seriously so we are very sorry that this error occurred and wholeheartedly accept the information commissioner’s findings.

'As soon as this matter came to our attention we removed the home care directory from the internet and reported the incident to the commissioner.

'At the time the directory included partial addresses and a brief outline of the care needs of 81 people who have required home care services, but the information did not contain any names or house numbers.

'A full review of procedures has been carried out and we are now using a different system for home care providers outside of the internet.'

SIGN UP
For your free daily news bulletin
Highways jobs

Principal Flood Risk Officer

Lancashire County Council
£42,683-£46,566
We have an exciting opportunity for a Principal Floor Risk Officer Lancashire
Recuriter: Lancashire County Council

Duke of Edinburgh Youth Support Worker

Essex County Council
£14597.0 - £19106.0 per month
Please note this is a part time contract - annualised hours 106 per year. Therefore the actual salary range is from £995.44 up to £1049.79 per annum. England, Essex, Harlow
Recuriter: Essex County Council

Head of Internal Audit

Kent County Council
Up to £97,000 + benefits
We now have an exciting opportunity to strengthen and shape our Audit function, as... Maidstone, Kent
Recuriter: Kent County Council

Director of Children’s Services

St. Helens Metropolitan Borough Council
circa £120,000
This is an exceptional opportunity for someone who wants to make a real difference to the children, young people and families of our Borough. St Helens, Merseyside
Recuriter: St. Helens Metropolitan Borough Council

Assistant Director, Social Care & Public Health Commissioning

Bolton Metropolitan Borough Council
c£71,000 to £89,000 per annum
Reporting to the Director of Strategic Commissioning you will lead Commissioning in the context of a developing Integrated Care System.  Bolton, Greater Manchester
Recuriter: Bolton Metropolitan Borough Council

Public Property

Latest issue - Public Property News

This issue of Public Property examines how how flexible workspaces can lead the way in regeneration for local authorities, Why local authority intervention is key to successful urban regeneration schemes and if the Government’s challenge of embracing beauty is an opportunity for communities.

The March issue also takes a closer look at Blackburn with Darwen Council's first digital health hub to help people gain control over health and care services.

Register for your free digital issue