
Serious Data Breaches in Local Authorities

A recent report shows that local authorities have four data breaches per day between them. Can new technology help?

Newspapers stated today “Councils have lost or misused private data thousands of times, says watchdog”, which is an eye-catching headline.

The newspaper article explains that data has been lost or stolen thousands of times and that the watchdog is proposing “Big custodial sentences to be introduced for the most serious data breaches”.


Wanting to know more and what data has been stolen (especially considering our focus is on securing server systems), I skimmed through the Watchdog’s report.

It’s an interesting read, because many of the “data breaches” are human error (sending two letters in one envelope, leaving something on a tube, sending an email to the wrong person) and/or really bad luck (a staff member is mugged/robbed with a laptop or mobile phone in their bag). It is no wonder many of the staff are not disciplined.

Other than controlling the flow of e-mail (using something like Rights Management) and ensuring laptops and mobile devices are encrypted, it doesn’t appear that systems alone could prevent many of the data breaches.

The business model is interesting – Local Authorities employ thousands of people who in turn deal with thousands of people. With high public interaction, it would seem normal to have some margin of error. These errors are very visible because they affect every one of us.

I wonder how much in terms of percentage these data issues are versus the positive number of interactions/transactions a Local Authority makes?

It is right to bring this information together, to show there’s an issue. But what is the solution? Reading the report further there are more recommendations than reported in the newspaper:

1. The introduction of custodial sentences for serious data breaches.
2. Where a serious breach is uncovered the individual should be given a criminal record.
3. Data protection training should be mandatory for members of staff with access to personal information.
4. The mandatory reporting of a breach that concerns a member of the public.
5. Standardised reporting systems and approaches to handling a breach.
6. The extension of the ICO’s assessment notice powers to cover local authorities.


Personally I would like to see standards to be met with the encryption, e-mail protection and data safeguarding – operational elements of information technology that may help if an employee makes a mistake. Would a standard data security / encryption solution across all local authorities be a good idea?

There were other recent headlines regarding Local Authorities still running Windows XP and Windows Server 2003.  

Maybe it’s time to upgrade and take advantage of security in newer software. But that alone wouldn’t address most of the issues highlighted in the report.

