Research from Public Technology has highlighted the extent to which local councils across the UK may have put your data at risk during the Covid-19 pandemic.
Although local authorities have not been publishing data concerning data breaches, Public Technology was able to gather insight via Freedom of Information requests. The requests and replies received from 18 councils across the UK revealed a 12% increase in data breaches from April 2020 to March 2021 against the year before.
Concerning, but are the numbers accurate?
Public Technology ascertained that, among the 18 councils for which it requested data, there were 2,731 data breaches in 2020-21.
However, these numbers are likely a vast under-representation of the accurate scale of the problem.
While local authorities are obliged to record data breach incidents, the law is wide open to interpretation. As such, the number of data breaches recorded and reported to the Information Commissioner’s Office (ICO) can vary wildly from council to council. Indeed, many councils have different thresholds even for internal logging of data breaches.
While the ICO website has a self-assessment form to help organisations understand if they must report a breach, it would appear this isn’t being used to any great extent. Although a useful tool, even the ICO’s self-assessment is open to interpretation. The reporting party must make assessments and base its answers on their own beliefs and assumptions.
It’s tough not to conclude that a significant volume of data is at risk in local authorities from incidents that we’ll never hear about!
LawPlus can help you claim compensation if a local authority has exposed your data. Contact us now!
Did the pandemic directly lead to data breaches?
Reports from across the media highlight how cybercrime has become increasingly frequent since the start of the Covid-19 pandemic.
While the news focuses on romance fraud, PayPal scam texts, and Royal Mail delivery scams, there are around 20 million cyberattacks on government systems – including those of local authorities – every year.
Maybe their frequency means we only get to hear about new risks thanks to their “novelty factor.”
Yet, if your data is involved in a local authority data breach, there is potential for severe consequences.
One of the most significant risk factors surrounding data undoubtedly came from the shift to working from home. In many cases, such a shift would have happened overnight. While local authorities will (or should!) have all had plans and procedures in place around operational continuity, having vast numbers of employees working away from the office and potentially accessing and working with data on their personal devices is an enormous risk.
In addition to these circumstances, we also know that a significant volume of data breaches result from human error. With the additional distractions of working from home, whether television, the kids, or something else, there is a far greater risk of something going wrong.
Has your local authority been involved in a data breach involving your details? You may be entitled to compensation! Contact us now for a FREE assessment of your claim!
What role does the ICO play?
The ICO is somewhat notorious for its “carrot over stick” approach.
Local authorities reporting data breaches to the ICO typically receive guidance around steps they should take to minimise risk from a recent data breach and the chances of another occurring in the future.
This was borne out when Public Technology furthered their research by asking the 18 councils about the consequences of the data breaches they had reported. Although Suffolk Council said it had received a “reprimand,” many councils appear to have been told to do little more than ensure processes are in place and that they’re doing basic things right!
If nothing else, this highlights how avoidable the vast majority of data breaches are!
The ICO does have the power to levy fines against businesses and organisations guilty of severe or repeat data breaches or where they fail to report breaches to the ICO in due course.
If the ICO has found your local authority guilty of a data breach, you may be entitled to compensation if your privacy was compromised. Contact us now for a FREE assessment of your claim!
While we prefer to await the outcome of any ICO investigation before we bring a claim against a local authority, we may be able to investigate a data breach on your behalf. In some cases, it may be that the ICO hasn’t yet been notified and, therefore, been unable to investigate. If you believe your privacy has been compromised due to a local authority data breach, we can help you!
What can I claim for?
Although a data breach claim may lead to higher compensation if you have suffered financial loss due to your details being accessed, you can claim purely on the basis of your data having been involved in a breach.
You can claim against local authorities, specific local authority departments, and even against individual officials if they’re liable for your data being put at risk.
If your data has been exposed due to a local authority data breach, contact LawPlus today!