A contractor was sacked for accessing and divulging personal information held by South Gloucestershire Council, as data security breaches at the authority rocketed by 46 per cent last year, a report reveals.
There were 184 incidents in 2018/19, compared with 126 over the previous 12 months.
The council insists the huge increase is because of its work to ensure employees are better informed to report issues.
A report to cabinet said: “In this period, two serious data breaches were reported to the Information Commissioner’s Office (ICO).
“The first involved a third party employee who accessed and disclosed personal information without authority.
“The employee was dismissed and the incident was reported to both the ICO and the police.
“The ICO judged that dismissal was an appropriate and proportionate sanction against the contractor, and no further action required.
“The second involved accidental disclosure of highly sensitive data about an individual to another individual.
“In this case the ICO was satisfied that we had taken reasonable action to investigate and prevent similar breaches happening in the future, that we had complied with the law and the breach was due to human error.
“No enforcement action was taken.”
The report said analysis of the data incidents indicated there had been an “improvement in understanding among officers and members about the importance of data security.”
“However, there is an ongoing requirement to seek greater general awareness and improved handling of data to reduce the number of security incidents caused by human error,” it continued.
“The security incidents have highlighted the need to regularly review and maintain
robust policies, procedures and ongoing awareness training that manage the processing of personal sensitive data.”
Among the priorities are encouraging staff to always check addresses when sending information by post or email, as well as the contents of the documents, to ensure they match the intended recipient.
They also include minimising the amount of paper documents used in fieldwork and keeping them securely until returning to the office.
The report added: “During this period, the ICO also raised seven data protection ‘concerns’ with us as a result of complaints received by them from South Gloucestershire residents who had requested subject access requests and weren’t satisfied by our response.
“In six cases the ICO found in our favour and confirmed our actions as correct and lawful.
“One particularly complex case is still being considered by the ICO.”
Data security breaches carry fines from the ICO of up to £17.1million, while failing to keep records or not complying with security obligations can result in a £10million penalty.
The ICO can also issue legal notices ordering local authorities to take action to improve data handling.
South Gloucestershire Council data protection officer, monitoring officer and head of legal, governance and democratic services John McCormack told cabinet members on Monday, June 17 that the figures showed an upwards trend.
But he added: “People are better informed about reporting incidents.
“Each of the incidents that occurred are subject to examination using the ICO formula and there were only two serious incidents that have had to be reported to the ICO in this period.
“In both cases, the ICO was satisfied with the council’s policies and procedures and actions taken.”
Cabinet member Cllr Ben Burton said: “The security incidents have been robustly reported.
“The ICO confirmed the actions taken were appropriate and that the dismissal in one instance complied with legal requirements.”
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules here