Sheffield Council in "serious" mental health data breach
Sheffield Council has contacted the Information Commissioner's Office (ICO) after mental health patient records were found by a member of the public
Sheffield City Council has alerted the Information Commissioner's Office of a serious data breach, after paper documents relating to mental health patients were found "blowing around" in the city centre.
Local newspaper The Star reported the breach this morning. A spokesman for Sheffield City Council told Information Age that the newspaper alerted the council of the breach on Monday.
The member of the public who found the documents gave them to The Star, who immediately returned them to the council, the spokesman said.
Eddie Sherwood, Sheffield City Council's director of care and support for communities, said in a statement that the council has also begun the notification process with the ICO and is waiting for a response from the data watchdog.
"As a large organisation which deals with the public we have strict procedures in place to stop this from happening. Unfortunately this appears not to have happened here and we have launched an immediate investigation," said Sherwood. "People need to have confidence that we will keep their personal details safe and we will get to the bottom of how this happened."
Information Age has contacted the ICO and is awaiting comment.
The ICO has the power to fine Sheffield Council up to £500,000 if found guilty of a serious breach.
Local councils, along with NHS trusts, have been particularly susceptible to data breaches recently. In July, Islington Borough Council leaked citizen data in hidden Excel sheets after responding to a freedom of information request.
In August, Essex County Council allegedly suffered a data breach when a council employee sent personal and financial data of 400 people in care to an unauthorised recipient.