Big Brother Watch reports dramatic increase and says worst offenders should face prison
Civil liberties organisation Big Brother Watch has laid into local authorities for allowing too many data breaches and called for custodial sentences and criminal records for the most serious violations.
It has made the attack on councils’ records in a new report, A Breach of Trust, in which it claims they are responsible for an average of four data breaches a day.
Big Brother Watch says its survey of incidents between April 2011 and April 2014 shows there were 4,236 breaches, a fourfold increase over the 1,035 between July 2008 and July 2011. This has included 400 instances of data loss or theft, and 600 cases in which information has been inappropriately shared.
It claims the reaction to this has been inadequate, with just 50 employees being dismissed, and only one facing criminal sanctions.
In response, it says there should be custodial sentences and the imposition of criminal records for serious data breaches, claiming this could be done by applying Section 77 of the Criminal Justice and Immigration Act to violations under Section 55 of the Data Protection Act. The principle already has the support of various bodies including the Information Commissioner’s Office (ICO) and Parliament’s Justice Select Committee and Home Affairs Select Committee, it says.
Other recommendations include mandatory data protection training in local government and reporting breaches that concern members of the public. In addition, the report says there is a need for standardised reporting systems and ways for councils to deal with a breach, as this would help to build confidence.
“Both the public and the staff working in local authorities need to be able to trust that when a breach occurs it will be treated with the same approach across all organisations. This should include a duty to inform people when their personal information may have been involved in a breach,” it says.
The report also calls for the ICO to be able to use its assessment notice powers – through which it can conduct compulsory audits – in dealing with councils, in the same way it does for central government and the NHS.
In the period surveyed by Big Brother Watch, Brighton and Hove City Council reported the largest number of data breaches with 190. It was followed closely by Sandwell Council with 187 and Telford & Wrekin Council with 175.
Image: Electronic Frontier Foundation graphic, Creative Commons Attribution 3.0 through Wikimedia.