Last week Dawn Monaghan, Strategic Liaison Group Manager at the Information Commissioner’s Office (ICO), blogged on how the local government sector had received fines of over £2 million over the last three years for breaches of the Data Protection Act (DPA).
These breaches fall into 3 main categories:
- Information disclosed in error
- Sensitive information sent to the wrong person
- Failure of management to provide guidance, training or processes to ensure data is not entered into systems incorrectly
In her blog, Dawn highlights how breaches often involve a combination of all three of these, which then leads to the breach going unnoticed. In several instances the breach has only been identified when a member of the public has informed the council of its error.
Concerns are also raised about how councils are failing to employ encryption to protect sensitive data. Encrypted laptops and USB sticks are a simple, relatively cheap way of protecting data, yet many councils have still not adopted the technology available.
The truth about these breaches is that they could have easily been prevented.
Training, education and the employment of simple technology could have prevented the majority of these breaches. There are many resources available to help ensure DPA compliance including:
Local councils are the biggest culprits for DPA breaches. However, if you store or process personal data then you too must ensure you are DPA compliant, otherwise you face potential fines of up to £500,000.