Three serious council data breaches reported to information watchdog in last 12 months

Three data breaches at Redcar and Cleveland Council were serious enough to warrant reporting to the Information Commissioner’s Office (ICO), a report has revealed.

The data breaches were among a total of 83 logged by the local authority in 2023/24, one more than the previous 12 months.

An annual report produced by the council for governance committee members said one breach related to unauthorised access by an employee to records held within a social care system. The other two involved personal information mistakenly being sent by e-mail to the wrong person.

UK General Data Protection Regulations (GDPR) require all organisations and companies to report the most serious data breaches to the ICO within 72 hours of becoming aware of a breach. The watchdog can issue enforcement notices and levy large fines in the worst cases. The report said the ICO did not take any further action against the local authority in relation to the reported incidents as they were deemed to have been handled appropriately.

While there was only a marginal increase year-on-year in reported data breaches, figures from the last two years show a substantial increase on previous years. The report said: “It may be that some of the increase is due to greater visibility of the reporting procedure and recognition of the importance of following this, so that any breach can be contained appropriately.”

It described a “robust” reporting process around data breaches, which involved a thorough evaluation of the seriousness of each data breach reported, adding: “It is normal for organisations the size of the council to incur data breaches given the large amounts of personal data being processed and the presence of human error.

“But the steps that the council takes to contain and recover from incidents and provide awareness are key to preventing recurrence and ensuring compliance with data protection legislation.”

Figures showing the number of reported data breaches at Redcar and Cleveland Council over the past five years and those reported to the ICO (Credit: RCBC)

Every data breach was also assessed and investigated to determine the root cause and establish if improvements need to be made.

The council provides mandatory training on data protection to staff who handle personal data for their work. Staff are required to undertake the training on starting employment and every two years thereafter.

The report also said there was an expectation that councillors complete the same training.
