Sunderland City Council saw almost 60 data breaches last year, a slight decrease on the number recorded in the 12 months prior, according to figures.

City Hall officers stressed numerous steps are being taken to help ensure data protection responsibilities are carried out and to review incidents to prevent similar occurrences happening again.

A meeting of Sunderland City Council's audit and governance committee heard that in 2023/24 there were a total of 58 information incidents, also known as data breaches.

The figure was down on the 61 recorded in 2022/23.

Types of incidents included addressing and inclusion errors, along with physical loss and unauthorised access, with 54 graded as ‘green’ and four as ‘amber’, with none falling under the more severe ‘red’ rating.

There were no data breaches over the course of the year which were reported to the Information Commissioner’s Office (ICO), which deals with more serious incidents, compared to four cases the previous year.

A report from Nick Humphreys, council data protection officer, stated they encourage reporting, not only of known or suspected breaches, but also the identification of lower level ‘near miss’ events.

In his report, he said: “Such reports are used to inform recommendations for improvements that can be made before a ‘near miss’ puts the data protection rights of individuals at risk.

“Arrangements for reporting data breaches are subject to ongoing review in the light of learning and feedback from incidents.

“It is recommended that the council and its connected organisations continue to engage with the data protection office to refine arrangements for the use and management of personal data.”

It continued that common themes identified in previous annual reports remain apparent, including correspondence errors related to use of incorrect addresses, both postal and email, and data quality issues.

Following management intervention, the issue of re-use of previous documents as templates was addressed and these instances declined “for a period”, although examples “again occurred towards the end of the year”.

Actions and recommendations taken over the past year have included changes to business processes and reminders about requirements, along with individual performance management and instructions to staff on correct processes.

Others include refresher training for staff involved in data protection incidents, using clean templates for new documents and the requirement for email data that is high risk or contains personal or sensitive information to be encrypted.

Officers added that, going forward, the further embedding of data protection principles will be “critical” to ensure the team is involved “at the earliest opportunity with new initiatives as the council and partners progress the objectives of the City Plan”.

Previous meetings heard there were 96 data breaches in 2021/22 and 136 recorded in 2020/21.