Scores of blunders sees Norfolk councils breach data laws over confidential information
Personal information about some of the most vulnerable people in the region has been lost, misused or mistakenly shared because of a string of blunders at local councils, new statistics have shown.
The catalogue of mistakes included a document containing confidential information about a Norfolk child in care being found in a street, while details of vulnerable elderly people in care in Cambridgeshire had to be retrieved from a bin.
A number of investigations are still underway at Norfolk County Council after “sensitive” information was “released inappropriately”, while Cambridgeshire County Council accidentally sent letters meant for a psychologist to the parents of the person the letters were about.
Norfolk County Council was fined £80,000 by watchdogs in 2012 after a social worker hand-delivered highly sensitive child welfare information to the wrong address.
That was the only one of the breaches which attracted punishment from the Information Commissioner’s Office.
The details were revealed using the Freedom Of Information Act which showed that, across councils in Norfolk, Suffolk and Cambridgeshire, there were just under 200 breaches of the Data Protection Act between 2011 and March this year.
Council have a number of legal obligations to protect the information they hold and can be fined if they fail to do so.
In some cases, the breaches have occurred because laptops, files and dictaphones containing personal data were stolen or lost, while others involved personal details being wrongly included in emails or sent to the wrong people.
Norfolk County Council recorded 59 breaches in the past three years, Suffolk 93 and Cambridgeshire 34. Norwich City Council had eight breaches - one of which was after an iPad was stolen containing a number of names, addresses and telephone numbers. Four other breaches involved documents being sent to the wrong address.
There were four breaches at North Norfolk District Council, one of which included “the release of personal information to some customers following a printing error”, while there was one at Breckland Council. The other councils had no breaches.
Tom McCabe, the director with responsibility for data protection and information management at Norfolk County Council said: “We have a legal, moral and ethical duty to properly take care of people’s personal information. As an organisation which processes millions of pieces of sensitive information every week, we take that responsibility very seriously indeed.
“While just one incident in the last three years has been serious enough to involve the Information Commissioner - and I do understand that mistakes can happen - our position is that every breach is one too many.
“Just some examples of how we try to minimise the risks of things going wrong show how seriously we take this matter. They include making it mandatory for all of our staff to have data protection training and making adjustments to the training where necessary so that it is as relevant as possible to people in their day to day work.
“And we run regular internal awareness campaigns to remind staff about their responsibilities - for instance with posters in our buildings and via emails.
“The big investment we are making in new IT technology will also help us improve, because the type of modern equipment we will be working with in the future has better protection systems built into it. “It will also help us to further reduce the amount of paperwork we physically handle.”
On the county council’s list of breaches was another incident where a young person at a children’s home was able to get into an unlocked room to look through his case file.
While the home was not owned nor operated by Norfolk County Council, the council investigated because it was ‘data controller’ for the information which was breached and the home was recommended to improve its procedures.
Another of the breaches was in January last year, when a man and his dog spent at least an hour walking through County Hall when it was closed on a Saturday and filmed himself leafing through documents he found.
Information Commissioner Christopher Graham has previously called for councils to take their responsibilities for protecting personal data more seriously.
He said in 2012: “There is clearly an underlying problem with data protection in local government.”
• Do you have a story about a local council? Write, giving full contact details, to Letters Editor, Prospect House, Rouen Road, Norwich NR1 1RE.