Huge increase in people requesting data on themselves from council
The number of residents requesting data about themselves from a council “increased dramatically” last year, and audit bosses say they have “absolutely no idea why”.
The data protection law allows individuals to ask to view the information councils and other bodies hold about them.
Telford & Wrekin Council Audit and Governance Lead Manager Rob Montgomery told councillors the authority received 143 such “subject access requests” in 2020-21, compared to 96 and 85 in the preceding two years.
The Audit Committee heard requests were increasing in complexity too, with replies sometimes running to thousands of documents each, but Mr Montgomery said the Information Governance team’s procedures were up to the task and continually improving.
He said requests under the 2000 Freedom of Information Act – which allows the public to request general information from public authorities – had dipped slightly in 2020-21.
“We had 1,030 compared to 1,181 in 2019-20,” he said.
“What has increased dramatically are the number of subject access requests. These are requests where people contact the local authority and ask for copies of information on themselves or their children.
“That has increased 49 per cent, a huge increase on the previous year, with no particular indicator as to why.
“Many of these requests do relate to children’s services, children’s social services, but then the proportion was the same in the previous year, so I have absolutely no idea why there is an increase.”
The committee was discussing the annual Information Governance Report, which said: “The complexity and number of SARs have increased significantly in 2020-21. One request alone included approximately 15,000 documents which had to be read and redacted.
“IG continually review their procedures for processing subject access requests and feel that these are streamlined and fit for purpose. However, further reviews will take place to ensure processes improve where possible.”
The 2018 Data Protection Act requires responses to subject access requests to come within one month, but this can be extended to three if the request is complex or the applicant has submitted multiple applications.
The report also noted that one “data breach” was serious enough to be reported to the Information Commissioner’s Office during 2020-21.
“The ICO were satisfied the breach was due to human error and no further action was required,” the report said.
“They were very happy with how the breach was managed and contained,” Mr Montgomery added.
The report said Information Governance support data breach investigations across the council, and work with them to improve data processing and prevent future security incidents.
“A data breach can cover a number of different incidents from a member or employee reporting a lost mobile phone to personal data being communicated to an unauthorised and/or incorrect recipient,” it added.
The council made the same number of ICO self-reports in 2019-20.
