Is your local council doing enough to protect your data?
Wokingham Council has suffered its fifth data breach in a year. This demonstrates why more and more residents are looking to sue for breach of data protection.
The latest data breach happened when a woman had her benefit payment details leaked to another resident. Just a month earlier, the council had to apologise after a sex abuse victim had her data shared with her attacker. This happened not once but twice and could have caused significant upset and harm for the victim.
Worryingly, when talking about the failures, the council's customer service team said that "it happens".
A spokesperson for the council has since apologised for the data breaches. And the local authority is implementing measures to safeguard sensitive information.
But, people have the right to expect that councils across the UK have already established robust privacy processes. Why do people have to sue for breach of data protection before councils give this issue the attention it so obviously needs?
Local authority data breaches
The truth is, at Hayes Connor know that councils are neglecting people's privacy all the time.
- A data breach at Ceredigion Council. This saw documents which contained personal and sensitive information published on the county council's website
- Following an investigation by The Express & Star, it was revealed that almost 500 data breaches occurred at Sandwell Council over the past five years
- Nearly 6,000 people could have had their data breached after a City of York Council app was hacked
- Nottinghamshire County Council was fined £70,000 by the Information Commissioner's Office (ICO). This case exposed the personal information of vulnerable people for five years
- A former senior local government officer at Nuneaton and Bedworth District Council shared the personal information of rival job applicants with his partner.
Local governments must do better if they don't want people to sue for breach of data protection
Despite the threat of crime, all too often it is human error that is to blame for council data breaches. And, while in many cases local councils argue that the violations are "low risk", we believe that playing down the risk is the wrong approach to take.
Instead, councils must understand the harm caused when they don't look after our data correctly. The impact of such negligence can't be underestimated.
Just having access to an individual's name and address can result in financial fraud and/or identity fraud. With enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts. Even if you haven't lost out financially after a data breach, this doesn't mean that there is no harm done. A data breach can also lead to distress and psychological trauma.
What's more, even if nothing has been done with that information as yet, it doesn't mean the data is safe. Working exclusively on data breach and cybercrime cases, it has become clear to our solicitors that the impact and losses people sustain following a data privacy violation are not always immediately apparent. We see instances where the effects only became clear months later.
What can you do to stop a breach of data protection from happening to you?
If you are concerned that your data might be at risk by a local authority, you can ask for a copy of the data the council holds about you. This is called a subject access request (SAR).
This won't guarantee that an error doesn't result in your information being exposed, but it is a reasonable safety precaution to take. You can also ask the council for a copy of their acceptable use policy and data protection policy.
Not just hackers
Our local governments were hit by almost 100 million cyber-attacks over five years. And one in four council systems were successfully breached. But, while the threat of cybercrime is something that the public sector needs to take seriously, it must also do more to address the issue of human error.
Waiting until a data breach happens is simply not good enough.
Alternatively, if you have been the victim of a data breach or cyber fraud and you want to sue for breach of data protection, contact us. We will answer any questions you might have and discuss your case in more depth.