A report has revealed that a recent Birmingham City Council data breach incident has taken place after private information was mistakenly published online.
It is alleged that the exposed data included the details of “vulnerable children”, although this has reportedly been disputed by the local authority. The council said that a number of citizens were affected, but has yet to confirm just how many people were affected.
The Birmingham City Council data breach appears to be yet another example of the human error data breaches we have seen occur at local authorities time and time again. As advocates of data security, we believe that there is never an excuse for errors such as this, as everyone has the right to have their private data kept safe. In many cases, victims of data breaches can be eligible to claim compensation for any harm caused. This may also be a possibility for those affected by the breach at Birmingham City Council.
Birmingham City Council data breach – what happened?
On 19th March, an email was reportedly sent out to council staff revealing that a serious data protection incident had occurred. It was revealed that data had been unintentionally uploaded to BRUM Account, an online booking service for Birmingham residents.
It is understood that, among citizens’ details, information relating to children who are eligible for free bus passes was posted, with the potential for external unauthorised access to the information.
The council has asserted that the error had been corrected as soon as it was noticed, also claiming the data had not been downloaded from the site. In line with correct procedures, the Birmingham City Council data breach was also reported to the ICO who, in this case, has decided to take no further action.
The implications of the data breach
One of the Conservative members of the council, Councillor Ewan Mackey, expressed concerns about the council’s attitude towards data protection. He stated that this was not the first incident of its kind, citing an earlier error that reportedly allowed staff with failed DBS checks into school transport. The Councillor also regarded the data breach as one of potentially high risk, stating that organised crime gangs value this information highly in their efforts to recruit young people.
The claim that the data exposed by the Birmingham City Council data breach was not downloaded may not lessen the potential risks it provoked. In the wrong hands, the exposure of the children’s data could have significantly endangered their privacy and their safety.
The email to council members warned them to, in future, always be “mindful” of data protection when handling data. It is unfortunate that it took a breach such as this for staff to be reminded of their responsibilities.
Data breach compensation claims
We believe that victims of the Birmingham City Council data breach may be able to claim compensation for the exposure of their private data. It may emerge that the data is at higher risk than the council believe it to be, in which case it could be vulnerable to misuse.
We have previously taken on and won many claims against local councils, and it is common trend of such breaches that they are caused by human error. As specialists in data breach claims, we want to ensure that data controllers are held to account for these basic mistakes.
Anyone who has fallen victim to the exposure of their personal data can contact us for free, no-obligation advice on their potential claim.