A COUNCIL has defended itself amid heavy criticism after it was found to be one of the UK’s worst offenders for losing sensitive information.
An investigation by civil rights group Big Brother Watch revealed that Buckinghamshire County Council topped a list of culprit authorities in the UK which have had private data lost or stolen.
The incidents came to light when the civil rights group made a Freedom of Information request to 434 authorities across the UK.
It was discovered that 132 of them had lost sensitive information in at least 1,035 separate incidents.
The survey showed it had 72 cases involving Buckinghamshire in the last three years.
That put the council top of the list with Kent County Council who had the same number of incidents revealed.
But the council said that of those, 68 were minor breaches which many authorities would not record at all.
“We share Big Brother Watch’s concern that many local authorities reported no incidents, suggesting very varied reporting thresholds, and we should be praised for being fastidious.
“The ICO determined that our arrangements provided a reasonable assurance that processes and procedures are in place and being complied with.
“In audit terms ‘reasonable’ is one level down from the highest possible rating.”
However, in one Bucks case, about 2,000 email addresses were revealed in a public mailshot.
Other incidents included a disk containing data on vulnerable children being left on the hard drive of a computer that was taken away to be replaced and nine reports of laptops, briefcases or mobile devices being lost or stolen.
Nick Pickles, director of Big Brother Watch, said: “Councils work with very sensitive personal information and the purpose of our report was to highlight the risk to privacy that exists because of poor data protection.
“Buckinghamshire clearly have a more open approach to these issues than some other authorities, which we welcome.
“However, the fact still remains that on too many occasions people have been let down and sensitive information has been put at risk.
“People don’t want to hear about how there is a good process of recording incidents, they want to know their personal information is safe.”
Breaches at Bucks County Council included:
l Allegation that biometric data from schools disclosed illegally.
l Disk containing data on vulnerable children left in hard drive when PC taken away to be replaced.
l Unsolicited advertising from firm formed by former staff.
l Adoption worker left sensitive manual file at airport.
l Adult Education enrolment and brochure site hacked. Malware downloaded to users’ PCs.
l Adult learning tutor removed exam papers to her home. Contained data on sensitive minority.
l Approximately 2,000 email addresses revealed when mailshot sent to public.
l Buckinghamshire Fire and Rescue pensioner alleged his data disclosed unlawfully.
l Email account hacked at a school sending malicious emails.
l Files on Connexions student with special needs lost in secure environment.
l Global email contained private addresses visible to all recipients.
l Incorrect file loaded to the Intranet resulted in salary details of all staff in Resources being visible.
l Individual’s cheque, signature and bank details posted on public planning site.
l Retiring Councillor did not return Council-provided laptop.
l Social worker’s work phone and Blackberry stolen in burglary.
l Theft of data by a dismissed employee