'Lax' councils hit by 1,000 breaches

Personal data has been lost by or stolen from UK local councils more than 1,000 times since 2008, with some details even appearing on Facebook, according to campaign group Big Brother Watch.
The finding, revealed in a Freedom of Information request, shows that 132 authorities had a total of 1,035 cases of data loss or theft between 2008 and 2011, including details relating to children and vulnerable people in care.
Just this week, Southwark Council became the latest public sector organisation to be hauled in front of the data watchdog after it inadvertently left behind the personal details of 7,200 people when it vacated a council building over two years ago.
Big Brother Watch director Nick Pickles said the research showed a “shockingly lax attitude” to protection of confidential information by some councils. Some 263 councils reported no losses, while a further 38 did not respond.
Only 55 incidents were reported to the Information Commissioner’s Office (ICO) and only nine people lost their jobs as a result, according to the councils which responded.
The report revealed that information about at least 3,100 children and young people was compromised in 118 cases. At least 244 laptops and portable computers, 98 memory sticks and 93 mobile devices went missing.
Buckinghamshire and Kent reported the most data loss incidents with 72 cases each, followed by Essex with 62 and Northamptonshire with 48.
Cases included scanned case notes belonging to Kent council being found on Facebook and an unencrypted memory stick containing childcare data lost on a Durham street.
In Birmingham, one lost USB stick included the names, addresses, contact details, tenancy type and ethnic origin of 64,000 tenants. In that case, the member of staff was suspended and later resigned.
Pickles said: “This research highlights a shockingly lax attitude to protecting confidential information across nearly a third of councils. The fact that only a tiny fraction of staff have been dismissed brings into question how seriously managers take protecting the privacy of their service users and local residents.
“Despite having access to increasing amounts of data and being responsible for even more services, local authorities are simply not able to say our personal information is safe with them.”
An ICO spokesman said: “It’s vital that local authorities properly live up to their legal responsibility to keep personal data secure, particularly where it is sensitive information about children and young people.
“Our concern isn’t just that councils have the right policies and procedures in place; it’s about bringing about a culture among staff whereby everyone takes their responsibilities seriously and effective data handling becomes second nature.”