Aug 12 2015

Harrow Council: Not Doing Great on Data Protection Breaches

harrow_council_logoHarrow Council, your local trusted guardian of all manner of confidential and personal information, has been forced to reveal a staggering number of data breaches over the three year period from April 2011 to 2013. Out of the 44 breaches:

  • 31 were related to personal or confidential information inadvertently shared with a third party.
  • six were personal or confidential information published by mistake on their website.
  • four were personal or confidential information stolen (although we’re not sure if this also includes ‘lost on trains’ or ‘dropped in seedy gentlemans clubs’)

The report, A Breach of Trust, published by Big Brother Watch, also indicated that there were two occurrences of personal email accounts being hacked, and one occasion of personal/confidential information being disposed of in an insecure manner.

On all 44 counts, there was merely an internal disciplinary: no resignation and no convictions. Indeed, across the country, only 2.1% of the data breaches resulted in resignation or dismissal, and only one – out of 4,236 – resulted in a prosecution in court.

It beggars belief how the council has got away with this for so long. We discovered just one of the six items, where information was published on the website, and frankly dread to think what the others were. Given the vast amount of personal information the council holds on residents, along with their ineptitude in running IT systems, it’s amazing that these figures aren’t higher. On this occasion, we’re not sure who to blame: at the risk of being declared a card-carrying, blue-rinse Tory voter, we’d point out that Harrow’s Labour group aren’t the sharpest set of tools around, as they once posted their wifi password to Twitter. We don’t know what the council has learned from these breaches – one about every three weeks, on average, nor what their training or incident response plans are, because they won’t tell us. But it does seem a fairly limp response to just discipline someone with a slap on the wrist for such a breach of corporate trust.

As Big Brother Watch say in the preface to their report, “It is vital that the security of our personal information is a priority for local authorities.” We couldn’t agree more.

(Visited 22 times, 1 visits today)

1 comment

  1. Hectors House (@NegligentRail)

    LMAO sorry but this is old news where Harrow council & data protection are concerned,I have in my possession various emails with confidential information attached including police involvement with another resident,confirmation of resident being on framework i system,
    an admission of failure by a department,also comments on workers failure to follow correct procedure and a senior council worker saying they dropped the ball.

    All these were internal emails attached to outgoing emails,they just send emails internally without checking for exterior email addresses.

    My favourite has to be some years ago the council installed new windows as part of their improvement scheme however someone forgot to apply for planning permission,so a council worker applied on residents behalf filling in all their details full name address etc and putting them on the web,when the brown stuff hit the fan they took it down scrubbed his name of the document and put the details back up.The ICO were not impressed with the last bit.

Comments have been disabled.