Contractor sacked for leaking personal data held by South Gloucestershire Council

June 25 2019
Contractor sacked for leaking personal data held by South Gloucestershire Council

A CONTRACTOR has been sacked for accessing and passing on personal information held by South Gloucestershire Council.

The incident was the most serious of 184 data security breaches at the authority in the past year – up by 46 per cent on 2017/18, when there were 126.

A report to the council’s cabinet said two serious data breaches were reported to the Information Commissioner’s Office by the council. The ICO also received seven complaints about the council from the public.

The first serious breach “involved a third party employee who accessed and disclosed personal information without authority,” said the report, adding: “The employee was dismissed and the incident was reported to both the ICO and the police.

The ICO judged that dismissal was an appropriate and proportionate sanction against the contractor, and no further action required.”

In the second case, “accidental disclosure of highly sensitive data about an individual to another individual” had been due to human error.

The report said: “In this case the ICO was satisfied that we had taken reasonable action to investigate and prevent similar breaches happening in the future, that we had complied with the law and the breach was due to human error.

No enforcement action was taken.”

The cabinet was told that the ICO had also raised seven data protection ‘concerns’ following complaints to the data watchdog from residents who had asked for access to personal information the council held on them and had not been satisfied with the authority’s response.

The report said: “In six cases the ICO found in our favour and confirmed our actions as correct and lawful. One particularly complex case is still being considered by the ICO.”

The council insists the increase in reported breaches is because of its work to ensure employees are better informed to report issues.

The report said there had been an “improvement in understanding among officers and members about the importance of data security” but said there needed to be “awareness training” and improved handling of data to cut the number of incidents caused by human error.

Staff are being encouraged to always check postal and email addresses to make sure they are sending letters to the right person and to minimise the amount of paper documents used outside the office.

Cabinet member Ben Burton said: “The security incidents have been robustly reported.

The ICO confirmed the actions taken were appropriate and that the dismissal in one instance complied with legal requirements.”