Watchdog may look into new data breach at Telford & Wrekin Council

The incident is at least the seventh data breach by Telford & Wrekin Council since April and the second one to be referred to the Information Commissioner’s Office (ICO).

The watchdog is yet to decide whether to probe the latest incident.

The first six incidents were outlined in a report written by council auditors and covering April to August 2018.

“In this period we identified six data breaches,” council auditors Tracey Drummond and Rob Montgomery wrote.

“One of these met the Information Commissioner’s rationale for reporting serious breaches to them.

“Information governance is continuing to work with all service areas where breaches have occurred to ensure they improve procedures and that disciplinary action is taken where appropriate.”

Council spokesman Russell Griffin said the most serious breach was investigated by the ICO, who found no further action was required.

Aware

However, a subsequent data-handling error has also been referred to the ombudsman since August.

An ICO spokesperson confirmed they were aware of a new incident involving Telford and Wrekin Council.

“We will assess the information provided against data protection laws, before deciding whether or not to investigate,” she added.

ICO data-handling guidelines tell local authorities: “When a personal data breach has occured, you need to establish the likelihood and severity of the resulting risk to people’s rights and freedoms.

“If it’s likely that there will be a risk then you must notify the ICO.”

Mr Griffin said: “The council takes its responsibility for protecting personal and sensitive information very seriously and therefore encourages an open culture where employees are encouraged to report all actual and potential data breaches in order that we can put measures in place to reduce potential issues in future.”

In their report, which was presented to the audit committee at Addenbrooke House , Ms Drummond and Mr Montgomery added that 1,300 council staff have so far completed more than 10,000 modules of online training to ensure they comply with the newly-introduced GDPR rules.