Wigan council's data breach shock

Shock figures

Wigan Council has experienced more than 80 data breaches in the past two years, concerning figures have revealed.

A recent Freedom of Information request has highlighted an alarming number of incidents in which sensitive, confidential or otherwise protected information has been accessed or disclosed “in an unauthorised fashion.”

Inadequate training, a lack of robust policies and technical errors can all contribute to the breaches.

An internal review was presented to the audit, governance and standards committee this year, with the town hall classing its own information security system as “high risk”.

The report states: “Information security still remains a high risk area for the council.

“The council has continued to suffer data losses during the year and on each occasion officers from internal audit have worked with the council’s data protection officer to ensure the breach is properly investigated, that adequate remedial action is taken and lessons learned are communicated widely.

“On each occasion the Information Commissioner’s Office (ICO) has been satisfied with the council’s response and has not enforced any form of penalty.”

Various reasons have been given to explain the missing data, including errors with information input, personal data being sent to the wrong address due to outdated information or technical error, and IT systems being accessed incorrectly or without authorisation.

On one occasion last year, a burglary led to the loss of council-held data, although it is not specified whether this information was held electronically or within physical documents. “Misplaced” files and lost forms have also contributed to the breaches.

Council assistant director for legal services Brendan Whitworth said: “Information security is a high priority for Wigan Council.

“When a data loss happens, officers from internal audit work with the council’s data protection officer to ensure the breach is properly investigated, that adequate remedial action is taken (including disciplinary action if required) and lessons learned are communicated widely.

“We continue to reinforce the importance of data security to all our staff with relevant training to support this.”

Data protection and information governance staff are now preparing for May’s introduction of the General Data Protection Regulation, proposed by the EU Commission to strengthen and unify data protection for EU citizens.