An investigation by Big Brother Watch has shown the true extent of data loss and misplacement by local authorities in the UK.
Every Local Authority in the UK was issued with a Freedom of Information request asking about data loss for the three years up until July 2011, from the information gained from the 132 local authorities who did respond, BBW found there were 1035 incidents of data loss including evidence that more than
- 244 laptops and portable computers
- 98 memory sticks
- 93 mobile devices
went missing.
According to the report in the three years of information requested Stoke-on-Trent City Council had the following breaches of data security.
- 2 case files misplaced during an office move – Adult care information
- Lost Blackberry device – Not recorded, device security locked and encrypted
- Memory stick lost in Hanley – Children’s Services case files of approximately 40 individuals’ records held on device
- Memory stick lost on car park which was found and returned – Encrypted data
- Ring binder containing data on 3 service users were left within a secure council compound but accessible to council staff from another team – Copies of social work data
Stoke-on-Trent are not the best, as a number of authorities who responded to the requests said they had had no breaches and they are nowhere near the worst when you look at the top ten worst authorities in the report.
- Buckinghamshire (72 incidents)
- Kent (72)
- Essex (62)
- Northamptonshire (48)
- North Yorkshire (46)
- Renfrewshire (41)
- West Sussex (36)
- Tower Hamlets (31)
- Telford and Wrekin (30)
- Cornwall (25)
I have read this report a few days back and saw the only disciplinary action taken (at Stoke) was an “informal verbal warning”.
But as the report reads these are only the “reported” incidents, so have a guess to the actual number of incidens as no one will say.
Stoke Council seem to have missed some items from their list:
1. A copy of my CRB was leaked to Labour Party member and I made a formal complaint (guess what nowt happened).
2. At an IT group I was on I learned that dozens of laptop were “missing” many from senior officers who never returned them after they left.
3. Dozens of computers are given to the community when they are no longer used by the council – I helped a group picked up four myself and found they all contained their hard drive complete with data (no deleted) holding personal information and financial information.
4. Alby Walker’s CRB went missing from the council completely. He complained – guess what – nowt happened!!
The council only tries to keep your secrets safe if you are in the Labour Party or are named Mark Meredith
Was this between July 2008 & July 2011?
It wouldn’t surprise me if items have been ‘missed’. I have a couple of responses to FOI requests which are so obviously wrong, mainly because you have to be totally specific and cover every loophole to get a correct answer..
Oh and have an awful lot of time to waste, researching and then waiting for them to respond..
I can tell you this now. Much is made of Data protection. and rightly so. However in an authority like stoke such rules and regulation are brought into force that prevent the city from moving forward with it’s I.T policy in a modern cutting edge way.
This is due to risk aversion. Whilst people carp on about lost items, the remaining items are become so jealously guarded, that they become unusable for fear they may be misused.
Rather than enforcing draconian policy on the whole Council, and then ultimately the city. Why not discipline the staff who lose this data?
The problem with Stoke (and a lot of other organisations) is they will have a knee jerk reaction to a problem.
These few reported issues with lost data will have undoubtedly made some processes unworkable.
You know as well as I do Tides, a lot more could be opened up to allow people to work more effectively by just changing a few working practices and managing them on a day to day person to person basis rather than denying everything.
As I mentioned previously only one “informal” disciplinary warning, Tideswellman also has remarked “Why not discipline the staff who lose this data?”
This shows the mentality of the councillors and management in the council. Obviously by their inactions to deal decisively with those who lose the data, and their over willingness to wrongly use “data protection” as a reason not to provide information is indictment of their misunderstanding of the Data Protection Act.
Mike’s “changing a few working practices” would be too radical for the council as those who have something to hide may be caught out by changing the blanket ban on release of information or comments from councillors only through the councils own “media” releases.
Another misused tool (DPA) by the council for their own ends. Who knows the reason why only so few loses of data have been declared, is it because they couldn’t disclose anymore due to data protection !