The Information Commissioner’s Office (ICO) has censured five more UK councils for breaches of the data protection act (DPA).
Information Commissioner Christopher Graham said the councils breached the DAP by failing to ensure people’ personal data was kept secure. Graham added that it is time for councils to take the DPA seriously.
"At a time when councils are increasingly working with community partners, when data is shared it is vital that they uphold their legal responsibilities under the Data Protection Act," he said. "Failures not only put local residents’ privacy at risk, but also mean that councils could be in line for a sizeable monetary penalty."
Included in the latest round of ICO criticisms is Basingstoke and Deane Borough Council, which breached the DPA on four separate occasions during a two month period during 2010. One of the incidents happened when someone was mistakenly sent information by the council relating to 29 people living in supported housing.
Brighton and Hove Council also faced the ICO wrath. One employee at the council emailed the personal details of a member of staff to nearly 3,000 others council workers. A separate incident occurred back in 2009 when a temporary employee had an unencrypted laptop stolen from their home.
Dacorum Borough Council, Bolton Council and Craven District Council were also censured, while Staffordshire County Council was issued with an enforcement notice over Staffordshire County Council.
All councils have signed an undertaking to ensure that all personal information is kept secure and that where relevant all portable devices used to store personal data are encrypted.
Graham added that the severity of some of the breaches cannot be ingnored.
"We must also consider the detrimental impact these breaches continue to have on the individuals affected. Disclosing details about someone’s social housing status can be upsetting and damaging for those affected. To help tackle this issue I’ve submitted a business case to the government to ask for them to extend my compulsory audit powers," he said.
The announcements follow the news that the ICO has handed out its biggest ever fine, penalising Midlothian Council a record £140,000 for repeated breaches of the DPA.
