ICO Clamps Down on Data Protection Breaches in Local Government and Says More to Come

“There is an underlying problem with data protection in local government” – Information Commissioner.

This is the warning from the Information Commissioner’s Office ringing in the ears of local governments up and down the country.  Four more local councils have been issued with civil monetary policies for breaching the Data Protection Act (the “DPA”); this now means that nineteen local councils have received penalties totalling £1,885,000.

The local councils in the firing line this time were Leeds City Council (fined £95,000), Plymouth City Council (£60,000) and Devon County Council (£90,000).  Each breach of the DPA followed a similar pattern, namely sensitive formation regarding child care cases.   The causes of the breach varied from pages of a report being mistakenly collected off a printer and mixed with the papers from another case to the use of a previous adoption panel report which had been amended but the old version had been sent out.

The London Borough of Lewisham was also issued a penalty of £70,000 after social work papers were left on a train by a social worker who was taking the files home to work on.   Although later recovered, the files included GP and police reports and allegations of sexual abuse and neglect.

The Information Commissioner has criticised local government’s attitude towards protecting personal data and Information Commissioner Christopher Graham made the following statement in light of the latest round of fines:

 “It would be far too easy to consider these breaches as simple human error. The reality is that they are caused by councils treating sensitive personal data in the same routine way they would deal with more general correspondence. Far too often in these cases, the councils do not appear to have acknowledged that the data they are handling is about real people, and often the more vulnerable members of society.”

“There is clearly an underlying problem with data protection in local government and we will be meeting with stakeholders from across the sector to discuss how we can support them in addressing these problems.”

The ICO is campaigning for stronger powers to audit both local councils and NHS bodies across the UK, if necessary without consent, following increasing numbers of data protection breaches and in an attempt to prevent such leakages occurring again.

Forbes Solicitors regularly advises public and private bodies on all aspects of data protection compliance.  If you require any advice or assistance in relation to the Data Protection Act and its enforcement please contact Daniel Milnes.

Daniel Milnes

About Daniel Milnes

Dan is a Partner and Head of Contracts & Projects. Dan’s blogs cover the areas in which his specialities lie in commercial, regulatory and governance law which cover a broad range of matters dealing with contracts, projects, corporate and group structures, funding and compliance with a range of legal regimes including data protection. This also involves writing and advising on various forms of commercial contracts including joint ventures, development and construction agreements and intellectual property contracts including IT agreements, sponsorships and other rights licensing arrangements.
This entry was posted in Corporate & Restructuring, Employment Law, Housing Litigation and tagged , .