Welsh councils broke data protection laws 135 times

10 April 2014 Last updated at 13:59

Welsh councils broke data protection laws 135 times

By Alun Jones

Councils in Wales broke data protection laws twice as often last year as they did in 2012, BBC Wales has learned.

Examples included a bag containing papers for a court case being left on a train, and sensitive personal data appearing on a website.

The laws were broken 135 times in 2013 compared to 60 breaches in 2012.

The Information Commissioner’s Office (ICO) called for effective data handling to be “hardwired” into the culture of local authorities.

The details from the 22 councils have been obtained by BBC Wales through a Freedom of Information request.

It showed:

There were 45 breaches at Powys council of which 25 were confined internally to the council, while four were due to external providers of services and six were still under investigation. The council said training and revision of policies had been carried out since

Cardiff council recorded 14 breaches including financial information about 15 employees being given to third parties and information being stolen from an employee’s car. A spokesperson said a number of new measures have been introduced

At Wrexham council there were 13 incidents, including one in the adult social care department where personal information was passed incorrectly to a third party

Gwynedd council had 10 breaches including personal details being mistakenly sent, and letters and emails being sent to the wrong people

Flintshire and Newport councils each recorded nine breaches, including a fax containing personal data being sent to the wrong care provider and “lost or stolen paperwork”

Caerphilly council said six breaches had occurred, one of which was a person’s personal data being lost within the authority

A bag containing papers for a court case being left on a train, documents stolen from a private residence, and a letter, fax and email were sent to the wrong people were among five breaches at Anglesey council

Carmarthenshire council had five breaches, while Merthyr had four, Denbighshire reported three breaches and there were two at Pembrokeshire

Bridgend council had three breaches including a laptop being stolen from a car and a document containing sensitive personal data being sent to the wrong printer

Rhondda Cynon Taf council self-reported one breach to the ICO about disclosing personal information through email by accident and Torfaen council had one breach which was an email with personal information sent to the wrong recipient

Monmouthshire councilsaid there “were no significant breaches in 2013” while Conwy council said “some events occurred which included sending emails, a fax and correspondence to unintended recipients, and information stolen from a vehicle/property”

Five of the 22 councils – Blaenau Gwent, Ceredigion, Neath Port Talbot, Vale of Glamorgan and Swansea said they had recorded no breaches last year

Anne Jones, Assistant Information Commissioner for Wales, said: “It’s important local authorities live up to their legal responsibilities under the Data Protection Act.

“Keeping people’s personal information secure should be hardwired into their culture as losses can seriously affect reputations and as a consequence, service delivery”.

Leave a Reply