Data breaches down at Sunderland City Council - but authority still hit by 96 'information incidents'

Sunderland City Council saw almost 100 data breaches last year, a decrease on the 12 months prior, according to new figures.
Watch more of our videos on Shots! 
and live on Freeview channel 276
Visit Shots! now

City Hall officers stressed steps are in place to help ensure data protection responsibilities for the council and its linked organisations are carried out, with compliance requiring “the ongoing commitment of everyone”.

It comes after in May 2018, General Data Protection Regulations (GDPR) were introduced setting out laws for organisations around protecting personal data.

Hide Ad
Hide Ad

The latest meeting of the council’s audit and governance committee heard in 2021/22 there were 96 information incidents, also known as data breaches – down on the 136 recorded in 2020/21.

City Hall.City Hall.
City Hall.

Nick Humphreys, council data protection officer, said the drop was positive, especially considering the challenges around migration to more agile working conditions and the move to the new City Hall.

He said: “We are, I think, getting better at considering the serious tangible effects of how we design potential requirements into our system, so we’ve been getting less breaches coming out.

“I think given the volume of transactions we’re required to do on a daily basis it’s encouraging to see that the number of breaches did go down from the previous year, particularly in the context of the working arrangements of most staff.

Hide Ad
Hide Ad

“I’m very happy to say that none of the breaches recorded last year were overtly or directly attributable to the move to City Hall, the change to agile working, or the move over to Microsoft Office 365.”

He added this was a “credit to the staff for their diligence and vigilance” and also praised the guidance provided by those working at the council.

In total four of the data breaches were reported to the Information Commissioner’s Office (ICO) – which deals with more serious incidents, compared to one case the previous year.

Three of these reports were from the council directly, including two cases around “children’s safeguarding”, where “parental addresses were disclosed to estranged family members without a legitimate basis to do so”.

There was also one complaint from a member of the public, after internal council investigations were “unable to substantiate allegations of personal information being inappropriately disclosed in relation to a planning application”.

Hide Ad
Hide Ad

However council officers reported there had been no formal enforcement action taken in relation to the breaches.

Mr Humphreys said: “I’m happy to say the information commissioner agreed with all our measures in place, so there was no further action or anything like that regarding the breaches that occurred.”

Moving forward council chiefs added they were taking a number of steps to continue to strengthen data protection measures, with frequent checks also carried out.