Home / News & Resources / News & Updates / Sandwell Council suffers 500 data breaches in just five years

Sandwell Council suffers 500 data breaches in just five years

  • Posted on

Following an investigation by The Express & Star, it has been revealed that almost 500 data breaches have occurred at Sandwell Council in the past five years.

According to the report, sensitive information has been either stolen, lost or incorrectly disclosed. And in some cases, people's names and addresses were unintentionally shared.

Sandwell has classed all 499 data breaches as 'low level' incidents. However, with one data breach occurring every four days on average, this is sure to be worrying for people living in the area.

Sandwell Council is said to be reviewing its 'information governance arrangements', However, speaking about the findings, which were made available following a Freedom of Information request by the newspaper, a spokesperson, said: "The majority of these minor data breaches have occurred in cases where data is being transferred internally between council departments, rather than to outside organisations.

"These low-level data breaches will occasionally have included the unintentional sharing of, for example, a name or address.

"None of the breaches met the threshold requiring referral to the Information Commissioner.

"The council takes action in respect of every breach, however minor, and can in many cases recover the data immediately.

"It must be remembered that the council handles thousands of pieces of data every single day."

Not good enough

These violations correspond with our experiences of data breaches at local authorities across the country. Where in most cases, its human error rather than cybercrime that is the biggest cause of data privacy violations.

However, we would argue that handling thousands of pieces of data every day is not a good enough excuse when it comes to data protection failures.

For example, some of the breaches involved staff accidentally sending emails or paperwork to the wrong people. And, while Sandwell Council might consider this to be a low-level data breach, the devastation such negligence can cause can't be underestimated.

For example, in a recent case, our solicitors saw first-hand what can happen when a local authority sent a copy of a court order containing sensitive personal information about a father (our client) and his daughter to the wrong postal address.

This mistake saw the letter being sent to and read by a neighbour, before being divulged to other family members and neighbours. This caused considerable distress, upset and embarrassment to our client and his family. As such, the consequences of this "small" error were far-reaching.

What can you do to stop this from happening to you?

If you are concerned that your data might be at risk, either by Sandwell Council, or another local authority, you can ask for a copy of the data the council holds about you. This is called making a subject access request (SAR). Find out more about making a SAR.

This won't guarantee that an error doesn't result in information being sent to the wrong person, but it is a reasonable safety precaution to take. You can also ask the council for a copy of their acceptable use policy and data protection policy.

Not just hackers

Data breaches are not just caused by cybercriminals. For more advice on how to keep your data safe, follow our #notjusthackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.