Essex County Council suffers data breach
Report alleges that council employee sent personal and financial data of 400 people in care to unauthorised recipient
An employee at Essex County Council sent personal and financial data of 400 people in care to an unauthorised recipent, according to a report by news website This Is Total Essex.
The data, which allegedly includes addresses and financial information about citizens in “substantial” and “critical” need of care, were sent from the Adults Health and Community Wellbeing Department to a computer outside the County Hall,
The report claims that the data in question described personal budgets used by people with disabilities to arrange services such as home care.
The council said in a statement that it did not believe there was malicious intent behind the incorrect use of data and that there was a “minimal” risk of identity theft.
'“While we are unable to give specific details we can confirm that the investigation centres on an ex-employee who breached our information security policy," it said. "We are taking this extremely seriously and have informed the police and the Information Commissioners Office."
"Whilst the ex-employee had signed a declaration stating they had deleted the information and not shared it with anyone, it is our duty to inform service users that their information has been compromised."
Councillor Mike Mackrory, Liberal Democrat opposition leader at the council, told the news site: “With all the security procedures we are supposed to have now and all the millions the county council has spent on the best IT, it beggars belief that something like this can have happened.
"I am frankly staggered. We need to get to the bottom of it quickly and ensure our procedures are even tighter,” he said.
Several data breaches involving councils have taken place this year. In June, Dumfries and Galloway Council exposed the salary information of about 9,000 employees shortly after announcing a new data protection policy.
In July, a spreadsheet published by Islington Borough Council in response to an Freedom of Information request revealed personal data relating to 2,376 of its citizens.
Fines issued by the Information Commissioners Office for data breaches have quadrupled in the last year, reaching a total of £1.8 million.
“At a time when councils are increasingly working with community partners, when data is shared it is vital that they uphold their legal responsibilities under the Data Protection Act,” warned Information Commissioner Christopher Graham in February.
“Failures not only put local residents’ privacy at risk, but also mean that councils could be in line for a sizeable monetary penalty,” warned Information Commissioner Christopher Graham in February.