In a data breach earlier this year involving Trafford Council, the personal information of residents had been publicly exposed. Personal details were reportedly taken as part of a resident survey, but the private information was understood to have not been redacted when the council sent a Freedom of Information request response to another resident.
Errors such as this seem to have become a common trait of council data breaches, with employees making needless mistakes that could be corrected with a few checks, and with greater attention to the appropriate procedures. Overall, the trend of human error data breaches at local authorities would suggest that there are inherent problems when it comes to data protection.
A lack of awareness in respect of data protection and cybersecurity is simply unacceptable in this day and age, in which the digitisation of personal information has the potential to make it a more accessible target for cybercriminals. While organisations bear the overall responsibility for compliance with data protection law, individual employees also have a role to play in eliminating data security risks.
How did Trafford Council expose data?
Early in July, Trafford Council issued an apology regarding the exposure of personal data recorded as part of the resident survey. In 2020, residents of the area were consulted regarding a plan to restrict traffic around a local park. To gather residents’ opinions, the council asked people to complete a survey in which they voted for or against permanently keeping the large planters at the ends of the roads by the park.
However, when a local resident requested to see the anonymised responses as part of a Freedom of Information request, council staff mistakenly neglected to redact the personal details of the respondents, including the names, home addresses, email addresses, and voting preferences of Longford residents.
The risks of accidental information exposure
The resident recognised that the breach had occurred immediately and alerted the council, which fortunately suggests that the information was only exposed for a few minutes. Nevertheless, the incident at Trafford Council highlights the potential risks of such incidents, in which there is every chance of information falling into the wrong hands so easily.
The resident who received the information believed that rushing may have played a part in the mistake. They reportedly prompted Trafford Council to reply following a delay that went beyond the response deadline, so it may be that the added pressure to send the information caused the employee(s) involved to fail to redact the information.
This, of course, is not an acceptable excuse for the exposure of information. Attention to detail and accuracy are always important when it comes to data protection compliance, and it is vital that these necessities are not forgotten in the presence of time pressures.
Claiming compensation for a data protection breach
Though it is unlikely that there was a widespread information leak, the data breach incident at Trafford Council could still have caused harm to residents’ data privacy. But, generally speaking, where failures in local authority cybersecurity or data protection procedures have resulted in compromised or exposed personal data, victims could be entitled to claim compensation.
At Your Lawyers (t/a The Data Leak Lawyers), we are leading experts in data breach claims, having represented clients for privacy matters for over 7 years. Our specialism in this area of law means that we can offer tailored advice to potential claimants, evaluating how the breach has impacted them to ensure that they receive a compensation pay-out that reflects the harm they have suffered.
To find out more about making a data breach compensation claim, you can contact our team today for free, no-obligation advice here now.