Data protection watchdog investigating three serious security breaches at Leeds City Council

The UK’s data protection watchdog is investigating three serious breaches of information security at Leeds City Council over the past year.

A report from the council says 82 “information security incidents” were reported across the organisation between July 2011 and July 2012 – many of them down to human error – and four of them were deemed serious enough to report to the Information Commissioner’s Office (ICO).

“Whilst the Information Commissioner has closed one of these incidents, the council is still awaiting a decision on the remaining three incidents at the time of writing,” the 13th August report said.

It didn’t say what or whose information was involved.

The Information Commissioner has the power to issue fines of up to £500,000 to organisations who breach the principles of the 1998 Data Protection Act 1998, the report noted, adding that nearly two-thirds of the 21 fines issued so far have been issued to local authorities.

“Personal or business sensitive information”

The report outlined the steps the council is taking to ensure staff understand their responsibilities for managing council information.

An Information Governance strategy has been developed and a new two-year post created to implement the strategy and deliver training across the workforce.

Staff have already undertaken an awareness training programme, but “further training is required for staff processing personal or business sensitive information in high and medium risk areas to ensure good data handling is understood and carried out at all times”.

The ICO is likely to want to see evidence of the council implementing improved governance arrangements across the organisation, the report said.

“It is important that we can demonstrate that the council has undertaken positive proactive action to mitigate against the chances of similar information security incidents taking place again,” the report said.

Recruitment to the new post will initially be through the council’s “talent pool”. If that doesn’t work out, the job will be advertised internally.

Handing the job over to the council’s official training contractor QA was considered, but rejected on the grounds that it wouldn’t represent value for money compared to using an internal resource.


About the leeds citizen

contributions to this blog welcome
This entry was posted in News and tagged , , , , , . Bookmark the permalink.

One Response to Data protection watchdog investigating three serious security breaches at Leeds City Council

  1. Beverly says:

    It’s good that staff are being given extra training. In any organisation, it’s amazing what people actually throw in the bin (physically or virtually) and think this a safe way to dispose of information.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s