Newcastle City Council suffers a data breach

Newcastle City Council has been forced to apologise after one of its workers included an attachment with highly sensitive data when sending an email to invite adoptive parents to an annual summer event. The leaked data contained 2,743 individuals’ names, addresses, birth dates, and the details of current and former adoptees and social workers.

The breach took place on 15 June 2017 when the email was sent to 77 people. According to the council’s statement, it was “deeply concerned to learn of this breach” and “a thorough investigation was carried out into how this happened”. The council has informed the Information Commissioner’s Office (ICO) of the breach. The ICO will investigate and could issue a fine of up to £500,000.

Ewen Weir, director of people, said:

I am truly sorry for the distress caused to all those affected. We will work closely with the affected families and individuals to support them at this trying time. The council takes data protection and confidentiality very seriously and has acted swiftly to understand what happened and who has been affected. This breach appears to have been caused by human error and a failure to follow established procedures. We are conducting a thorough review of our processes to identify what changes we can make to ensure this never happens again.

As the breach was caused by “human error”, the council has put a number of measures in place to make sure it doesn’t happen again and is “running refresher training courses for all staff with access to sensitive information”. The breach reiterates the importance of staff awareness training to make sure that staff who have access to sensitive data have the correct knowledge and a better understanding of information security.

Staff training to reduce data breaches

Rolling out a comprehensive staff awareness programme will give employees a clear understanding of their compliance requirements, your organisation’s security policies and procedures, and basic knowledge of information security best practices to reduce preventable mistakes.

Discover how our Data Protection Act and Information Security Staff Awareness e-learning courses can help your staff be more careful >>