23/11/2011

A report published today has again highlighted the regularity with which the Data Protection Act 1998 (DPA) is being breached by public sector organisations.  A report by Big Brother Watch details that between 2008 and 2011, 132 local authorities in the UK lost data in over 1000 separate incidents. 

The report lists "indicative" breaches of the DPA and includes the loss of laptops and USB sticks and errors where data had been faxed, emailed or posted to the incorrect recipient.

The DPA was amended last year to provide the Information Commissioner's Office (ICO) with increased enforcement powers.  The ICO now has the ability to fine an organisation up to £500,000 for a breach of the DPA, and it is clear that the ICO intends to use this new power, as significant fines have already been levied. The ICO has also expressed a wish for further powers to allow them to compulsorily audit organisations to determine their level of data protection compliance.  At present, an audit of a local authority can only take place with consent.

Coupled with these new powers and the desire to improve data security, the ICO has indicated that the public sector must "get it right" in terms of the systems in place to ensure that data is kept securely and is not misused or lost.  With this in mind, local authorities must ensure that their data protection systems are robust and that lessons are learned from other public sector data losses. 

Authorities should take this opportunity to review all ways in which personal data is stored and processed to ensure that there are appropriate technical and organisational measures in place to guarantee its security.  The ICO has indicated that encryption of any portable and mobile devices is a reasonable step that they would expect public sector bodies to take: "encryption is a basic procedure and an inexpensive way to ensure that information is kept secure. But, to their detriment, not enough data handlers are making use of it". 

With data losses becoming increasingly newsworthy and public sector bodies firmly within the sights of the ICO's new enforcement powers, all authorities will need to prioritise their data protection compliance if enforcement action and potentially heavy fines are to be avoided.

Bevan Brittan has dedicated lawyers who are able to advise all public sector organisations on managing and avoiding breaches of data security and on the DPA more generally. If you would like more information or would like to discuss anything raised in this update, please contact James Cassidy at james.cassidy@bevanbrittan.com
