Printer Friendly

Council staff admit 19 private data leaks.

Byline: HERBERT SODEN Local democracy reporter herbert.soden@trinitymirror.com @HerbertSoden88

A SOCIAL services report detailing someone's mental health and medical problems was uploaded to an online forum after an authority worker clicked on the wrong option.

This was just one of a series of data breaches that happened at Gateshead Council in a 10-month period.

It has admitted to 19 data leaks since May last year, including two that had to be reported to the Information Commissioner's Office (ICO) - the UK's independent body set up to uphold information rights.

A report into information governance at Gateshead Council revealed the breaches to General Data Protection Regulations (GDPR).

The ICO decided to take no action after an incident which saw a social services report with details about someone's mental health accidentally uploaded to an online forum. Tanya Rossington, litigation manager and information rights officer at Gateshead Council, said no action was taken because the forum was used by other health professionals.

At Monday's meeting of the corporate resources overview and scrutiny committee, she said: "A social services report about someone's mental state and the medical conditions they had was wrongly uploaded to an online forum using the nickname file facility.

"That's where you go to send somebody an email and you put the letter 't' in and it goes to a drop down box listing everyone you've sent an e-mail to. They hit the wrong one and it went to an online forum. It was other mental health professionals thankfully.

"We reported it to the Information Commissioner and we got a decision back in January that said it was a data breach but they weren't going to enforce a monetary penalty on us, because it was a breach that went to other professionals who have a professional duty of confidentiality, so the risk was low."

Gateshead Council is currently working on removing the nickname email facility from its social services department.

The ICO is yet to make a ruling on a breach where a council tax liability schedule in a debt case was sent to a debtor with the names and addresses of 53 other people who owe money to the authority.

"A council tax liability schedule was sent to a debtor and it should have only had their information on. It had details of 53 other service users, names, addresses, and the fact that they owe council tax," said Ms Rossington. "We got it back from the person and provided them with the right information and we're just waiting for a decision to come back."

In another incident, an educational psychologist's report was sent to the wrong address. The report was retrieved and the address updated.

A worker lost a notebook containing service user information, in this case the employee was told to retrace their steps and provided with advice about secure methods of accessing service user data off site.

A fostering agency was sent information about a child they weren't caring for, it destroyed the report and the correct record was sent to them. There were two incidents where letters about care cases were sent to the wrong recipients because the system wasn't up to date.

A report was sent to the wrong solicitor by email, this was later deleted and the employee asked to double check email addresses.

There were nine separate incidents of correspondence relating to housing benefit or council tax being sent with the correct data to the wrong people. Because of this, all revenue and benefit staff took GDPR training in December and the council has brought in the services of an outside mailing company.

A resident also complained to the council when her data was shared with her landlord without her permission.

The authority upheld the complaint and apologised. The staff member responsible was "provided with advice about appropriate data sharing".

Finally a building control invoice was sent to the wrong house number, it was later retrieved and the address details were updated on the system.

Ms Rossington described the recent changes to data protection rules as "massive" but said the council had done a "large amount" of work to comply with legislation.
COPYRIGHT 2019 MGN Ltd.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2019 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Publication:Evening Chronicle (Newcastle, England)
Date:Mar 8, 2019
Words:689
Previous Article:Thief targeted football ground; he swiped bag then stole from hospital.
Next Article:ChessWITH THE KNIGHT.
Topics:

Terms of use | Privacy policy | Copyright © 2019 Farlex, Inc. | Feedback | For webmasters