Data and securityCyber SecurityCouncil apologises for data breach

Council apologises for data breach

Internal spreadsheet shared accidentally

Newcastle City Council has confirmed that a data protection breach has taken place and has issued the following statement:

On 15 June 2017, an employee in the council’s adoption team accidentally attached an internal spreadsheet to emails inviting adoptive parents to the council’s annual adoption summer party. The email and attachment were sent to 77 people. This attachment contained personal details relating to 2,743 individuals, comprising current and former adoptees, parents and social workers who had been involved with these families. The spreadsheet included personal information such as names, addresses and the birthdates of the adopted children.

The council was deeply concerned to learn of this breach. A thorough investigation was carried out into how this happened. A series of measures have been put in place to contain the breach, minimise potential distress to those affected and ensure that such breaches cannot happen in the future. These measures include:

  • contacting the 77 people who were sent the email requesting they delete the information to avoid it circulating further
  • putting in place a process to contact as many of those affected as possible by phone and letter
  • setting up a helpline and related counselling services to assist anyone with concerns
  • informing relevant regulators
  • commencing a review of data protection across the council and running refresher training courses for all staff with access to sensitive information
  • instigating a broader review of policies to ensure that no such breach can take place in the future.

The council apologises for any worry and concern this incident may have caused. We encourage anyone who thinks they may have been affected to get in contact via the dedicated helpline.

Director of People, Ewen Weir, said: “I am truly sorry for the distress caused to all those affected. We will work closely with the affected families and individuals to support them at this trying time. The council takes data protection and confidentiality very seriously and has acted swiftly to understand what happened and who has been affected. This breach appears to have been caused by human error and a failure to follow established procedures. We are conducting a thorough review of our processes to identify what changes we can make to ensure that this never happens again.”

Related Articles

Compulsory cyber awareness training for Cardiff council staff

Cyber Security Compulsory cyber awareness training for Cardiff council staff

6d Jay Ashar
UK government to assess the cyber security capability landscape

Cyber Security UK government to assess the cyber security capability landscape

1w Jay Ashar
New capability to help organisations fight cyber threats

Cyber Security New capability to help organisations fight cyber threats

2w Jay Ashar
Room for more cybersecurity over and above GDPR

Cyber Security Room for more cybersecurity over and above GDPR

2m Jay Ashar
AI support: Outnumbered but not outgunned

Cyber Security AI support: Outnumbered but not outgunned

2m Piers Wilson
A shot in the arm for Bristol's cybersecurity

Cyber Security A shot in the arm for Bristol's cybersecurity

2m Jay Ashar
Cyber security starts with people and processes

Cyber Security Cyber security starts with people and processes

2m Austin Clark
Three-quarters of government organisations not DMARC compliant

Cyber Security Three-quarters of government organisations not DMARC compliant

2m Jay Ashar