Memory stick left in car and salary slip-up... Sunderland council’s data breaches revealed

Sunderland Civic Centre
Sunderland Civic Centre
17
Have your say

A USB stick left in a car and a member of staff’s salary wrongly revealed in a public document are among the data breaches made by Sunderland council workers.

Figures have revealed there have been 14 errors made between 2011 and last year by Sunderland City Council, after an inquiry into information which should not have been accessed or released by the authority.

It has robust procedures to guard against losses, including encrypting information, that staff report instances and take remedial action immediately, and that actions are taken to help ensure a loss is not repeated.

Councillor Harry Trueman

Despite the breaches, no one has resigned or been convicted. The incidents include a taxi licence application’s criminal check being sent to another applicant in error, 15 school admission appeals sent to the wrong addresses due to a fault with auto envelope machinery, and minutes about a child protection meeting sent to an incorrect address.

Several of the issues with mail sent to the wrong address were due to mismatched documents or out-of-date information on the council’s system.

The USB stick which was used by a former agency worker and found by the new owner of a used car, led to no disciplinary action as the worker had left the council at the time of the discovery.

In the case of the worker’s salary which was revealed through a Freedom of Information request, the error was put down to an oversight as the document was edited in preparation of its publication.

Another incident involved a credit number which a customer’s details were read back to them in a location where it could – in theory – be overheard.

While it is not believed any details were compromised, the case was reported to the department manager for feedback to staff.

Councillor Harry Trueman, deputy leader of the council, said: “The council takes the protection of data very seriously.

“It has robust procedures to guard against losses, including encrypting information, that staff report instances and take remedial action immediately, and that actions are taken to help ensure a loss is not repeated.”

At Durham County Council there were nine breaches, although the information was not held on disciplinary files. Two of those workers resigned before any sanction could be issued.

Roger Goodes, the council’s head of policy and communications, said: “We take data protection very seriously and have robust procedures in place to prevent breaches.

“On the rare occasion that a breach does occur, we take swift action to recover the information and minimise any damage, before fully investigating the incident and taking any steps deemed necessary to prevent a similar breach happening again.

“The figures quoted by Big Brother Watch date back to August 2014.

“Since then, we have taken steps to further strengthen our policies and procedures, including requiring all staff to complete a refresher course in data protection, improved our record management systems and updated our data protection policies.”

Emma Carr, director of privacy campaign group Big Brother Watch, said: “Despite local councils being trusted with increasing amounts of our personal data, this report highlights that they are simply not able to say it is safe with them.

“With only a tiny fraction of staff being disciplined or dismissed, this raises the question of how seriously local councils take protecting the privacy of the public.

“Far more could be done to prevent and deter data breaches from occurring.”