UK: No action over Hartlepool council data breaches (update2)
Back in March, the Information Commissioner’s Office ordered Hartlepool NHS Foundation to review its data protection after a breach involving sensitive information. But the Trust wasn’t the only Hartlepool government entity with data protection issues. As Fiona Thompson reports, Hartlepool Borough Council employees were also responsible for breaches. But unlike the Trust, no action has been taken against them – not by the Council, and not by the ICO:
Council workers have breached data laws by accessing sensitive information.
But despite the infringements, no one has resigned or been convicted.
… Details uncovered through Freedom of Information requests to councils across the country found in Hartlepool, between 2011 and last year, there were three instances where there were breaches of rules.
By U.S. standards, the three incidents involving improper employee access, are no huge deal, but it’s good to see the media in the U.K. pushing for accountability. As a privacy commissioner in Canada pointed out in a case in Saskatchewan, consequences for employees are important – and those consequences should be made public. Maybe U.K. councils want to think about that, too.
Update: While Hartlepool had 3 breaches, Doncaster Council had 100.
This is all part of Big Brother Watch’s FOIA survey, which I will link to when I can find their report on their site.
Update 2: There is a slew of UK news stories about individual councils and their number of breaches. Here is the Big Brother Watch report on which they are based.