Councils including Perth and Kinross and Fife have been slammed for “shockingly lax” attitudes to data protection after new figures revealed that thousands of breaches occurred across the UK over a three-year period.
A report released by the privacy campaign group Big Brother Watch suggested there were 4,326 data breaches in local authorities between April 2011 and April 2014 which included personal information being lost, stolen or used inappropriately.
Children’s information was involved on 658 occasions, the report added, although just one in 10 data breaches resulted in disciplinary action.
Four cases took place in Perth and Kinross involving breaches of the Data Protection Act in relation to “unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data”.
No further details were given, although Perth and Kinross Council did confirm that written warnings were issued to staff.
Meanwhile, three breaches were identified in Fife over the three-year period examined, one of which resulted in a staff suspension, although no further information was given on the nature of those cases.
Emma Carr, Big Brother Watch director, said the figures were worrying and suggested that far more could be done to prevent and deter data breaches from happening.
“Despite local councils being trusted with increasing amounts of our personal data, this report highlights that they are simply not able to say it is safe with them,” she said.
“A number of examples show shockingly lax attitudes to protecting confidential information.
“For so many children and young people to have had their personal information compromised is deeply disturbing.
“Better training, reporting procedures and harsher penalties available for the most serious of data breaches, including criminal records and custodial sentences are all required.
“Until we see these policies implemented, the public will simply not be able to trust local councils with their data.”
No breaches were reported in the Angus and Dundee City Council areas, while some other Scottish councils including Edinburgh refused to answer Big Brother Watch’s freedom of information request, citing the time and cost involved.
A spokesperson for Perth and Kinross Council said: “The council recognises the importance of information security and our employees have received clear guidance on how to protect personal data appropriately.”
Three quarters of the 197 reported instances of loss or theft of equipment highlighted in the report took place in Glasgow, while an unencrypted laptop containing the details of 200 pupils was stolen from Aberdeenshire.
The laptop was later recovered and no disciplinary action was taken, although the matter was reported to the information’s commissioner’s office.
Across the UK, there were 50 dismissals between 2011 and 2014 in relation to data breaches and 39 resignations.
Only one case went to court in which a Southampton Council employee was prosecuted by the ICO for transferring “highly sensitive data to his personal email account”.