More than 50 data breaches recorded by Gateshead Council so far this year

Gateshead Civic Centre
Gateshead Civic Centre -Credit:ChronicleLive

Gateshead Council has recorded over 50 data breaches so far this year, according to published documents.

The data breaches have been blamed in local authority documents mostly on “human error” including using incorrect email addresses, attaching the wrong documents, and sending letters to the wrong addresses. Council officers must complete a data breach form, in detail, as quickly as possible, once a breach is discovered.

This allows the local authority to possibly refer a breach to the Information Commissioner’s Office (ICO) where required. If serious enough, a council only has 72 hours to report a major data breach to the ICO.

The ICO is an independent supervisory authority for data protection in the UK. Its mission statement, according to its website, states: "Our vision for data protection is to increase the confidence that the public have in organisations that process personal data."

Gateshead Council referred two breaches to the ICO in 2023. One involved some test data being mistakenly made live on "certain council-operated websites", and the other involved social work and or occupational health data being posted to an out-of-date address. No further action was brought from the ICO.

According to published documents, the number of breaches from 2020 are:

2020: 30
2021: 64
2022: 98
2023: 157
2024 (so far): 55

The report to the council’s corporate resources overview and scrutiny committee stated: “Whilst it may appear that the increasing numbers are a concern, a cautious approach is taken to reporting matters to ensure the Council is being transparent with regards to data breaches. Where the Council has reported a data breach to the ICO, no action has been taken by the Regulator.”

The documents also state that training and guidance are given where necessary in relation to data breaches. In addition, Gateshead Council is trailing methods to reduce the number of breaches relating to emails.