Data breaches: the next steps for councils

A study being publicised by privacy campaign Big Brother Watch found that local authorities suffered 4,236 recorded data breaches in three years from April 2011, and it’s vital that councils respond to ensure that they maintain residents’ trust.

Internal systems 

The number of cases in which inappropriate data was shared, or sent to the wrong recipient, suggest that stronger internal structures and checking systems could be employed.

Training employees from ground level is particularly important, as it ensures every council representative handling private data is aware of their responsibility to protect it, the ways they can do so, and the repercussions if they fail.

To this end, the Information Commissioner’s Office (ICO) has published a local authority information sharing and data protection checklist that asks a number of key questions designed to support data protection policy and practices.

Digital safeguards

With increasing amounts of data stored digitally, it’s necessary to constantly update and maintain software and hardware to minimise the risk of data loss or theft.

This isn’t just limited to obvious systems like secure servers, password protection and antivirus software, councils must consider how to protect data in the cloud, and how to lock down servers when a there’s a software breach or hardware loss.

After all, it’s one thing to assign ownership of information governance (a duty the ICO praises councils for), and another to empower them to limit the impact of human error or data theft when it occurs.

Visible processes

Big Brother Watch director Emma Carr told The Guardian, “With only a tiny fraction of staff being disciplined or dismissed this raises the question of how seriously local councils take protecting the privacy of the public.”

This attitude contrasts significantly with an ICO report from 2014, which, while critical, maintained that, “overall councils take data protection very seriously”.

Visible responses to data breaches, including public apologies like that made by Stevenage Council in July this year, and punitive measures, help the public to see the constant process of improvement. But councils can also address the problem proactively by sharing security guidelines and measures to ensure the public are conscious of the effort put into data protection and to help build trust.