Data and securityData ProtectionData breach by Scotland’s largest local authority

Data breach by Scotland's largest local authority

Physical document breach raises multiple questions about data protection that councils have in place in this digital age.

In an incident of serious data breach, a confidential document with personal details of almost 30 children has been found dumped outside Highland Council’s headquarters. The document contains the full names, dates of birth and case numbers of 28 children – one as young as eight months old. In one excerpt, an adoption case is discussed in some detail.

The eight papers, including sticky notes with details of queries to the council, were found on the ground and in ripped bin bags at the top of an open bin discovered among general waste outside the Inverness headquarters by a resident whilst investigating concerns of fly-tipping in the area. It contains full names, dates of birth and case numbers of twenty eight children – one as young as eight months old.

Council policy states that paper containing personal information must be disposed of using the council’s confidential waste paper disposal bins or other approved method.

A Council spokeswoman said they were unable to offer any further comment until the investigation on the data breach has been completed.

Alarm bells

This data breach raises serious questions over data protection policies. Jon Fielding, Managing Director, EMEA Apricorn said:

“It is frustrating to see incidents like these continue to occur when the remedy is so simple.  This breach of sensitive information by Scotland’s largest local authority rings many alarm bells. It’s concerning that an organisation such as this is still using hardcopy for PII. What’s worse, is that they do so and yet seem to have no process in place to dispose of it with any consideration for the security and privacy of the information it contains.

Organisations should have security front of mind when saving and storing data. Data security solutions focused on strong encryption and identity and policy-based data management are certainly the way forward. Simply using secure drives, such as encrypted USB devices, ensures that the contents remain obscured and inaccessible, even if the drive is lost or disposed of inappropriately. If the data needs to be printed at any stage, make sure it is completely shredded before discarding.”

From an organisation’s perspective, proper disposal of hard copies of sensitive information needs to ensured. Many users still print information for easier reference, they read better from paper, or they want to take work home. This can leave a significant gap in the security controls framework and keep the organisation vulnerable to a data breach.

Solutions exist to prevent printing sensitive information, but it is about affordability for local authorities. A large majority of local authorities are without a large security budget. Such mishaps forces the thought that the government administrators should balance their desire for modern solutions with the realities of public sector working environments.

Lessons have to be learned

Highland Council launched an urgent investigation on Monday. The council were expected to report the data breach to the Information Commissioner by 15 May abiding by their 72 hour deadline.

MP Ian Blackford said: “Lessons have to be learned to make sure that such a breach never arises again.

“It’s a deeply worrying incident and unfortunately it does raise serious questions about Highland Council’s data protection policies. They are duty bound to report themselves to the Information Commissioner and that must be done within a short timeframe. The commissioner’s office will then begin their own investigation and I am sure they will fully take onboard the seriousness of the situation.

“Highland Council must also take the lead on this from the very top to ensure that such an incident never happens again. It’s quite simple; this sort of thing is not acceptable.

Related Articles

Digital resources for social care workers and employers

Adult Social Care Digital resources for social care workers and employers

3d Jay Ashar
UK to embrace machine learning and AI in healthcare

Digital Transformation UK to embrace machine learning and AI in healthcare

3d Jay Ashar
Smarter cities today, not smart cities tomorrow

Smart Cities Smarter cities today, not smart cities tomorrow

4d Matt Bird
Data breach by Scotland's largest local authority

Data Protection Data breach by Scotland's largest local authority

4d Jay Ashar
Digital telecare solutions for older residents

Adult Social Care Digital telecare solutions for older residents

4d Jay Ashar
Project aims to deliver digital ID to vulnerable citizens

Digital Skills Project aims to deliver digital ID to vulnerable citizens

4d Jay Ashar
Compulsory cyber awareness training for Cardiff council staff

Cyber Security Compulsory cyber awareness training for Cardiff council staff

5d Jay Ashar
Study reveals fewer than five per cent of councils are using AI

Government Technology Study reveals fewer than five per cent of councils are using AI

6d Jay Ashar