Councils struggling to prevent data dislcosure and security breaches: research

A significant number of councils are struggling to prevent erroneous disclosure of data, security breaches and other forms of data loss, a Freedom of Information request by Zurich Municipal has suggested.

The insurer submitted the request to the Information Commissioner’s Office (ICO) to establish the scale of loss in local government.

The ICO said it handled 625 cases in 2015 where a local authority faced a complaint of breaching the Data Protection Act.

In 34% of completed cases, the local authority was given instructions on how to change or improve.

Examples included 28 cases involving general advice and in 108 cases the council was asked to address the complainant’s specific concerns.

One was asked to complete a compliance audit and four saw the ICO require specific steps to improve practices.

Nine councils were told to produce an improvement action plan.

Zurich’s head of public services Paul Tombs said: “As local authorities rightly focus on transforming service provision with a general move to on-line and self-service, they must ensure robust review of their data protection plans and ensure these are still fit for purpose. This research shows that a small yet significant number of councils are struggling to manage their data protection processes.

“Most councils have been able to fight off any data threat thanks to robust data protection strategies that take into account potential risks and set out steps that need to be taken. Insurers and other risk experts are often able to advise on such strategies. The councils that are still struggling need to follow suit and see where they can apply best practice.”

Mark Smulian