It was supposed to be an enjoyable event, but a summer party recently turned disastrous for Newcastle City Council when an employee inadvertently attached a datasheet containing highly sensitive information to the invitation.
The incident involved the personal details of 2,743 individuals – both former and current foster children, and their parents – and included information such as names, addresses and birthdates. The member of staff emailed the invitation and attachment to 77 people in June this year.
For one mother, the distress caused by this incident has been immediate:
“When I found out what information had been sent out I felt sick inside. We have had two letters from the council reassuring us. But I don’t feel reassured. The council can’t guarantee that everyone who got the email has deleted it or that it won’t get out further. These children were placed in care for their safety. Some have had horrendous things happen to them and you don’t want the safety of your children put at risk. There are birth parents out there that try to get in touch with their children. It just worries me that one day they could end up on the doorstep.” http://www.bbc.co.uk/news/uk-england-tyne-40648987
The Information Commissioner’s Office (ICO) is already investigating the incident and no doubt will mandate the council take steps to mitigate future similar breaches. It’s also likely the ICO will impose a considerable financial penalty.
Yet this is one in a long line of very serious leaks by organisations across the country, begging the question whether enough is being done to protect such sensitive data.
Time for more than an apology
In this case, responsibility for the data lies with Newcastle City Council, as does their duty of care to the citizens in the city. In the aftermath of announcing the breach, the council issued a statement, explaining they had attempted to put in place some level of procedure to prevent a breach – although such measures clearly fell short:
“The member of staff concerned was authorised to use the data. However, in accidentally attaching the spreadsheet they contravened the council’s standard practice and guidance provided to members of staff.”
The council also took remedial actions of contacting the 77 people who received the spreadsheet, requesting they…
Click here to read more