
Data breach by Scotland's largest local authority

Physical document breach raises multiple questions about the data protection measures that councils have in place in this digital age.

In a serious data breach, a confidential document with personal details of almost 30 children has been found dumped outside Highland Council’s headquarters. The document contains the full names, dates of birth and case numbers of 28 children – one as young as eight months old. In one excerpt, an adoption case is discussed in some detail.

The eight papers, including sticky notes with details of queries to the council, were found on the ground and in ripped bin bags at the top of an open bin among general waste outside the Inverness headquarters. They were discovered by a resident who was investigating concerns of fly-tipping in the area. The papers contain the full names, dates of birth and case numbers of twenty-eight children – one as young as eight months old.

Council policy states that paper containing personal information must be disposed of using the council’s confidential waste paper disposal bins or other approved method.

A Council spokeswoman said they were unable to offer any further comment until the investigation into the data breach has been completed.

Alarm bells

This data breach raises serious questions over data protection policies. Jon Fielding, Managing Director, EMEA, Apricorn, said:

“It is frustrating to see incidents like these continue to occur when the remedy is so simple. This breach of sensitive information by Scotland’s largest local authority rings many alarm bells. It’s concerning that an organisation such as this is still using hardcopy for PII. What’s worse is that they do so and yet seem to have no process in place to dispose of it with any consideration for the security and privacy of the information it contains.

Organisations should have security front of mind when saving and storing data. Data security solutions focused on strong encryption and identity and policy-based data management are certainly the way forward. Simply using secure drives, such as encrypted USB devices, ensures that the contents remain obscured and inaccessible, even if the drive is lost or disposed of inappropriately. If the data needs to be printed at any stage, make sure it is completely shredded before discarding.”

From an organisation’s perspective, proper disposal of hard copies of sensitive information needs to be ensured. Many users still print information for easier reference, because they read better from paper, or because they want to take work home. This can leave a significant gap in the security controls framework and keep the organisation vulnerable to a data breach.

Solutions exist to prevent printing sensitive information, but it is about affordability for local authorities. A large majority of local authorities are without a large security budget. Such mishaps suggest that government administrators should balance their desire for modern solutions with the realities of public sector working environments.

Lessons have to be learned

Highland Council launched an urgent investigation on Monday. The council was expected to report the data breach to the Information Commissioner by 15 May, in line with its 72-hour deadline.

MP Ian Blackford said: “Lessons have to be learned to make sure that such a breach never arises again.

“It’s a deeply worrying incident and unfortunately it does raise serious questions about Highland Council’s data protection policies. They are duty bound to report themselves to the Information Commissioner and that must be done within a short timeframe. The commissioner’s office will then begin their own investigation and I am sure they will fully take onboard the seriousness of the situation.

“Highland Council must also take the lead on this from the very top to ensure that such an incident never happens again. It’s quite simple; this sort of thing is not acceptable.”
