A Chorley Council data breach has recently been reported after it was revealed that thousands of members of the public may have had their details exposed by the local authority. The incident appears to be yet another example of the damage that can be done to information security when employees make misjudgements.
Unfortunately, the incident at Chorley Council is only one in a long list of data breaches to have been caused by human error at local government bodies generally. Councils like Chorley should be striving to break with this trend, but there has unfortunately been little progress in terms of data protection it seems.
In the UK, all third-party data controllers are obliged to comply with the GDPR in their protection of the information that they hold and process. If they fail to do so, they can be held accountable, and those affected may have a right to make a compensation claim.
The Chorley Council data breach – what happened?
The Chorley Council data breach is understood to consist of the accidental publication of data on the council’s website. It has been reported that the confidential information relating to the complaints residents made to the council has been freely accessible for a total of 8 years.
Despite the considerable amount of time that had passed since the mistake was seemingly made, it was not even a member of the council itself who identified the breach, and it was instead a local resident. The man reported that he was able to see over a hundred pages of confidential data. The list of complaints did not include names, but it did include addresses which could lead to residents being targeted in their homes or facing threats from criminals and fraudsters.
It is understood that the council might have initially argued that the resources had been made accessible intentionally as a way of allowing residents to easily check the progress of their requests and complaints. Nevertheless, the Chorley Council data breach has now been self-reported to the Information Commissioner’s Office (ICO), the government regulator which investigates data breaches.
The risks of a local authority data breach
The Chorley Council data breach may not constitute a severe breach of privacy, but it is a worrying oversight on the council’s behalf. Ideally, the council should have put in place a login system or provided email updates on the progress of complaints. Collecting and publishing all this information in one place seems to be a rather lazy approach that can be risky for obvious reasons.
With councils reportedly suffering over 700 data breaches in 2020 alone, it is clear that action needs to be taken to improve data security. Almost half of the local authorities included in the survey were reportedly identified as employing no staff members with certified security knowledge, so it is easy to see where the problem may lie.
Make your data breach compensation claim
As long as the lacklustre approach to data protection continues, it is important that those affected by council data breaches have the chance to assert their rights. Your Lawyers, as leading specialists in data breach claims, can offer No Win, No Fee representation to eligible claimants.
You can contact us for free, no-obligation advice if you think you may have a case.