News & Resources

Data breaches and the Public sector

  • Posted on

The public sector handles a wide range of our sensitive information. It needs this data to deliver the services we have all come to expect. But, as our world becomes ever more digital, the threat of data breaches and privacy violations increases. And, in response, there must be adequate and robust protections in place to secure the data and information held within the public sector.

But it's not just cyber-attacks this sector must prepare for. In addition to the risk of crime, human error continues to cause far too many data breaches. So, public sector staff must have the training, knowledge and ability to handle sensitive data securely. Especially as this data is regularly shared between organisations and departments as part of modern governance and the delivery of public services.

But all too often this isn't happening. And, as such, public sector data breaches are causing misery and upset to people across the UK.

What do the stats tell us about public sector data breaches?

Last year, research by The SMS Works[1] revealed that:

  • Public sector bodies receive far more fines than any other type of organisation
  • Public sector organisations responsible for over 54% of all data breach fines
  • Out of the 60 public sector fines,12 of them were handed out to the NHS and 9 to the Police
  • Local council were responsible for half of all data breaches.

The report also said:

"Public sector organisation have trouble holding on to and adequately looking after devices that contain sensitive or personal information. On 18 separate occasions, departments have either lost laptops, USB drives or folders containing sensitive information.

"They have a habit of leaving offices buildings empty except for desks and a few cabinets still containing personal data. On one occasion a filing cabinet was sent to an office supplies auction still stuffed with files containing sensitive personal data.

"None of the public sector data breach fines was for a data leak following a successful hack. All were down to human error of some sort".

Public sector data breaches are all too common

Unfortunately, the figures don't come as a surprise to our data breach lawyers. At Hayes Connor we deal with many cases on behalf of clients who have had their data mishandled by organisations such as local health authorities and councils. And, we've seen first-hand just how devastating the experience can be.

For example, in one recent case, a local authority sent a copy of a court order containing sensitive personal information about our client and their neighbour to his neighbour by mistake. The neighbour opened and read the letter and shared it with other people in the local community. The contents of the letter were highly sensitive and caused distress and embarrassment to our client and his family. As such, the consequences of the error and the impact on his mental health were far-reaching.

ICO reported public sector data breaches

Other recent examples of public sector data breach action taken by the ICO include:

  • A former Reablement Officer at Walsall Metropolitan Borough Council was prosecuted for accessing social care records without authorisation. She was sentenced to a fine of £450, ordered to pay costs of £364 and a victim surcharge of £45
  • A former Social Services Support Officer at Dorset County Council was prosecuted for accessing Social Care records without authorisation. She was sentenced to a 6-month conditional discharge, ordered to pay costs of £700 and a victim surcharge of £20
  • The Royal Borough of Kensington and Chelsea was fined £120,000 after it unlawfully identified 943 people who owned vacant properties in the borough.

Protecting your interests

At Hayes Connor Solicitors we help you to claim compensation and steer you through the aftermath of a public sector data breach, minimising the impact on you as much as possible. And, because we are passionate about securing justice for our clients, we offer no-win, no-fee funding arrangements to reduce the pressure at an already difficult time.

To speak to our data protection experts about starting a claim, please contact us for a free initial assessment of your case.


[1] https://thesmsworks.co.uk/ico-fines-analysis

Contact us