Harrow Council has confirmed that it still has problems managing residents’ data under the controls of the Data Protection legislation, and lists ten incidents that it considers qualify as a ‘breach’ – it’s unknown if there are more than the council managed to downgrade. Ten might not sound like a lot, but it’s absolutely ten too many.
Breaches seem to down to human error, rather than IT controls failing, which seems that it could indicate lack of training, or, more likely, lack of anybody actually caring that the job gets done properly. Some examples:
- Information sent to the wrong address. Copy of the report for Family A was placed with the bundle for Family B.
- Information sent to the wrong address – previous address was used.
- Information disclosed in error by email.
- Personal information displayed on the Council website.
- Paper information sent to the wrong person – notification letters for a resident were issued to their landlord in error.
You can read the council’s disclosure of events, and actions taken, here. The council really needs to get better with how it handles personal information.