View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
August 20, 2012

Essex County Council facing ICO probe over data breach

Details of 400 vulnerable citizens were sent outside the council's network

By Steve Evans

Essex County Council has admitted to a serious data breach which has potentially left 400 people exposed to identity fraud.

The leaked details include names, addresses and financial information of around 400 vulnerable users of the council’s services.

The council claims the breach was caused by an employee in the Adults Health and Community Wellbeing department sending the information to a computer outside the council’s network. Essex County Council has not revealed exactly how the data breach occurred beyond telling CBR in a statement that it was, "sent electronically to a member of staff’s home computer."

According to local news website This Is Total Essex, the council worker has subsequently been dismissed.

Essex Police and the ICO have been informed, the report added.

In a statement the council confirmed a breach but played down fears the information could lead to identity theft.

"While we are unable to give specific details we can confirm that the investigation centres on an ex-employee who breached our information security policy. Whilst the ex-employee had signed a declaration stating they had deleted the information and not shared it with anyone, it is our duty to inform service users that their information has been compromised," the statement said.

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

"We do not believe there is malicious intent behind this incorrect use of data. The information involved is such that (the risk of) identity theft is minimal," the council added.

The council added that it provides mandatory training to all staff in data governance and information handling and has "strict" information security policies and procedures in place.

"With all the security procedures we are supposed to have now and all the millions the county council has spent on the best IT, it beggars belief that something like this can have happened," said Councillor Mike Mackrory, Liberal Democrat opposition leader at the council.

"I am frankly staggered. We need to get to the bottom of it quickly and ensure our procedures are even tighter," he said.

The Information Commissioner’s Office (ICO) is likely to look into the incident. In a statement it told CBR: "We have recently been made aware of a possible data breach which may involve Essex County Council. We will be making enquiries into the circumstances of the alleged breach of the Data Protection Act (DPA) before deciding what action, if any, needs to be taken."

It was recently revealed that the data watchdog had handed out 68 warnings over the last year, up from just 46 the previous year.

The ICO has also increased the frequency and amount of fines it has handed out. During the specified time period it handed out 15 fines totalling £1.8m, well up on the six fines totalling £431,000 handed out the previous year, recent figures revealed.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.