Cambridgeshire County Council Data Breach (2015)

Elderly care papers held by an agency were found dumped in a bin as part of a shocking series of data breaches by Cambridgeshire County Council, the News can reveal. A report released by anti-surveillance group Big Brother Watch reveals that between April 2011 and April 2014, there were 34 data breaches by Cambridgeshire County Council. This included elderly care papers held by an agency being found in a bin, a child review sent to wrong person, a case review containing excessive personal information published to the public and family assessment information sent to the wrong families. In addition to this, a child file was 'left unattended' and handed to police and a batch of 12 'cc' letters to a psychologist were sent to the parents of one of the subjects of the letters, rather than to the professional concerned. Despite the data breaches, Cambridgeshire County Council states in the report that there have been "fewer than three dismissals", no resignations and the details of "three specific disciplinary action cases have been recorded centrally by HR, but further details of informal disciplinary actions and training" is not. In response to the data breach report, a spokesman for Cambridgeshire County Council said: "The council deals with thousands of items of personal data every day which is essential for us to deliver the best services possible. "We would like to reassure residents that we take this duty very seriously and the security of information held by the Council, including personal data, is paramount to us. "The council has put in a number of controls to try and ensure security incidents don't happen and when they do learn by any mistakes. "Although fewer than compared to some other authorities, just one breach is one too many. "The breaches highlighted are largely down to human error and some have been made by outside agencies. We actively investigate all incidents so we can take the appropriate action. "All staff must complete annual compulsory information security/data protection training and have to adhere to the Code of Conduct, which states that staff must abide by policies to ensure that information is kept secure. "We also work closely with the Information Commissioner to ensure that best practice is adopted and will continue to find new ways to further protect data." Information provided in the report state that the elderly care papers found in a bin were collected by the county council. Adult Social Care worked with the relevant care agency to address "weaknesses in their paperwork procedures". In the case of the batch of letters sent to parents, remedial action was taken by the council to apologise and put new processes and training in place. This was reported to the Information Commissioner's Office, who decided that no further action was required. The summary of the report states: "We are handing over more of our personal data than ever before to local authorities in exchange for more efficient and better targeted service. "As part of this deal we expect that the information will be kept secure and those who have access to the information are properly trained." The report adds that overall in the three year timeframe, there have been at least 4,236 data breaches.