Walsall Council Sends Social Care Info to Wrong People

Walsall Council Sends Social Care Info to Wrong People

Walsall council is the latest local authority in the UK to have suffered a data breach after exposing the information of some residents receiving social care services to others.

The accident happened when the council came to send out annual statements related to social care.

Some of these were sent to the wrong people, and contained personal information on them including the kind of care being received and how much was being paid for it.

“I can confirm that some individuals have received a communication from the council that was not meant for them,” Walsall council senior information risk owner, Carol Williams, told the local Express & Star.

“The individuals concerned have already been contacted and steps have been taken for them to receive the correct information. The council takes all data protection issues seriously and is investigating the source of this error to reduce future risk.”

Social care as described on the council site includes supporting adults with mental health needs, physical and learning disabilities, and others, as well as their carers.

An ICO spokesperson told Infosecurity: “We’re aware of a possible incident at Walsall Council and are making enquiries.”

At first sight the incident would appear to be the result of a classic failure of data protection policy.

According to a Freedom of Information request filed by Egress, human error accounted for the vast majority of breaches (62%) reported to the ICO between January and April this year.

Of that 62% the joint most common reason for the breach was “data posted or faxed to the wrong recipient” (17%), alongside loss and theft of paperwork (17%).

Local authorities are regularly on the wrong end of ICO enforcement action following such incidents, highlighting that much work still has to be done to educate organizations and their staff about correct data handling.

According to the ICO’s website, in the past two to three months alone, Chester West and Chester Council, Wolverhampton City Council and West Dunbartonshire Council have all been dealt with by the watchdog.

Source: Information Security Magazine