Local government's data privacy criticized by ICO (Information Commissioner's Office)
The Information Commissioner's Office (ICO) has announced four new fines for local councils in the UK, highlighting an underlying problem with data protection in the sector. The fines total £1.9 million and serve as a reminder that breaches of the Data Protection Act have real-world consequences for individuals.
The London Borough of Lewisham was fined £70,000 for leaving documents containing details of sexual abuse allegations across a train. The ICO considers that far too often, councils do not acknowledge that the data they are handling is about real people, often the more vulnerable members of society.
Devon County Council was fined £90,000 for using a previous template in an adoption panel report, leaving data on 22 people intact. Leeds City Council was fined £95,000 for sending sensitive information in a re-used envelope with the previous recipient's address.
Plymouth County Council was fined £60,000 for sending two similar documents relating to child neglect cases to one recipient. The ICO did not specify the number of child neglect cases involved in the incident.
In response to these breaches, the ICO plans to meet with stakeholders from across the sector to discuss how they can support councils in addressing these data protection problems. Future discussions on resolving sensitive data processing issues are expected to involve multiple agencies, including the Federal Commissioner for Data Protection and Freedom of Information (BfDI), the State Data Protection Authorities (Landesdatenschutzbehörden), the Federal Network Agency with its Independent AI Market Surveillance Chamber (UKIM), and new coordination bodies like the Koordinierungs- und Kompetenzzentrum (KoKIVO).
The ICO's statement emphasized that the councils' breaches are not due to simple human error but rather a result of councils treating sensitive personal data like general correspondence. Christopher Gahram, the Information Commissioner, stated that nineteen councils have failed to have basic data protection procedures in place.
These fines are not isolated incidents. Since 2010, nineteen councils have been fined a total of £1.9 million by the ICO for breaching the Data Protection Act. The ICO did not provide details about the meetings with stakeholders from across the sector.
The ICO's actions underscore the importance of councils taking their data protection responsibilities seriously. As Mr. Gahram stated, "There is an underlying problem with data protection in local government." The ICO's efforts to engage stakeholders and improve data protection practices across the sector are a positive step towards addressing this issue.
Read also:
- EPA Administrator Zeldin travels to Iowa, reveals fresh EPA DEF guidelines, attends State Fair, commemorates One Big Beautiful Bill
- Musk announces intention to sue Apple for overlooking X and Grok in the top app listings
- Cybertruck's Disappointing Setback, Musk's New Policy, Mega-Pack Triumphs, Model Y's Anticipated Upgrade Prior to Refresh (Week of January 25 for Tesla)
- Innovative Company ILiAD Technologies Introduces ILiAD+: Boosting Direct Lithium Extraction Technology's Efficiency Substantially
){kind=link}