Councils reprimanded over data loss

Basingstoke and Brighton among the authorities named

Five councils have been warned by the Information Commissioner over Data Protection Act breaches that led to the disclosure of personal information.

The local authorities were named and shamed by Information Commissioner Christopher Graham, who spoke of the potential "detrimental impact" of information breaches on the individuals affected and reminded councils throughout the country they face large fines if found guilty of violating the Data Protection Act.

Among the list of wrong-doers was Basingstoke and Deane Borough Council, which broke information legislation on four separate occasions in a two-month period in 2011.

This included an incident in May last year when an individual was erroneously sent information regarding 29 people in supported housing. This is not the first time the council has found itself in the spotlight for such offences: in 2009 a spreadsheet of more than 2,000 applicants for council jobs was mistakenly made available to internet users.

In July 2011 an error by an employee of Brighton and Hove Council resulted in another member of staff's personal data being sent by email to 2,821 council workers. Two years earlier an unencrypted laptop had been stolen from the home of a temporary employee of the same authority.

Both councils have committed to introduce measures ensuring data is handled in compliance with the Act.

Other authorities that have signed undertakings to ensure compliance are Dacorum Borough Council, Bolton Council and Craven District Council. An enforcement notice has been issued to Staffordshire County Council over its mishandling of a subject access request.

Information Commissioner Christopher Graham said: "At a time when councils are increasingly working with community partners, when data is shared it is vital that they uphold their legal responsibilities under the Data Protection Act. Failures not only put local residents' privacy at risk, but also mean that councils could be in line for a sizeable monetary penalty."

The announcement comes a day after the news that the personal data of hundreds of Medway Council workers was posted online for two hours. Diagnostic Health Solutions, which was employed to monitor absenteeism, claims it was the victim of theft; however, in light of the incident the council terminated its contract for an "unacceptable data breach".

In November 2011 civil liberties and privacy group Big Brother Watch published a report on the extent of the loss of personal data by local authorities. Freedom of information requests revealed how, between 2008 and 2011, 132 authorities lost sensitive information in 1,035 separate incidents.

Buckinghamshire County Council headed the list of offenders with a total of 72 incidents. In one stand-out incident, a member of staff from Birmingham City Council lost a USB stick containing the personal details of 64,000 council tenants.

Comments

  • Garry McCracken: It is surprising to hear that councils continue to suffer from data breaches, with the protection of sensitive data so high on the National and European political agenda. If the ICO's power to issue fines of up to £500,000 wasn't enough of a deterrent before, companies could face penalties of up to 2% of their revenues following proposed reforms to EU Data Protection law, and 24-hour mandatory breach notifications. These reports of negligent data handling are the latest in a number of public sector cases and highlight the absolute need for councils to be educated on their legal responsibilities regarding data security. With organisations in both the private and public sector becoming increasingly more responsible and accountable for personal data, councils need to reprioritise the issue of data security by ensuring that data breach prevention is high on their agenda. Educating staff of the importance being placed on data protection is the first step towards significantly reducing data breaches, but there is also a need for better systems to be in place. Councils that choose to implement full disk encryption as part of their overall data security strategy are unlikely to suffer large fines because the data is inherently protected, mitigating against any ill effects of losing a device. Organisations must remember, however, that to encrypt alone is not enough; they need to put an enterprise management system in place to prove that the lost or stolen device was actually encrypted when it went missing. Encryption prevents the leap from data loss to data breach and, in the presence of proposed new legislation, has the potential to save local authorities hundreds of thousands of pounds. Garry L McCracken, CISSP, Vice President, Technology Partnerships, WinMagic Inc., www.winmagic.com