BreachExchange mailing list archives
Sheffield council investigating 'extremely serious' confidential data breach
From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Thu, 13 Sep 2012 03:03:39 -0400
http://www.publicservice.co.uk/news_story.asp?id=20862 Sheffield City Council is to face questions from the UK's information watchdog and has begun its own investigation into what council officials have admitted to be an "extremely serious breach of confidential information". Documents containing information about mental health patients were reported to have been involved in the alleged data breach. Local newspaper The Star claimed the paperwork had been "blowing around" a city street. A council spokesman told Publicservice.co.uk that a member of the public had discovered the documents before handing them to the newspaper. On being informed, a council representative was said to have immediately retrieved the files from the newspaper. The council has now launched an investigation into the matter and also said it had informed the Information Commissioner's Office (ICO) which has the power to fine up to £500,000 for serious breaches of the Data Protection Act. Eddie Sherwood, Sheffield's director of care and support for communities, said: "This is an extremely serious breach of confidential information and we are taking the matter very seriously. "As a large organisation which deals with the public we have strict procedures in place to stop this from happening. "Unfortunately this appears not to have happened here and we have launched an immediate investigation. "People need to have confidence that we will keep their personal details safe and we will get to the bottom of how this happened." A spokesman for the ICO told Publicservice.co.uk that it was "aware of a possible data breach involving Sheffield council" and that it would be "making enquiries into the circumstances before deciding what action, if any, needs to be taken". The news follows a number of high profile breaches in local councils, the NHS, central government and other public sector bodies. With data breach fines on the rise, the ICO has already fined one council £250,000 in September after pension records, bank details and salary information on hundreds of staff were found dumped in supermarket car park recycling bins. _______________________________________________ Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges. Tenable Network Security (http://www.tenable.com/) Tenable Network Security provides a suite of solutions which unify real-time vulnerability, event and compliance monitoring into a single, role-based, interface for administrators, auditors and risk managers to evaluate, communicate and report needed information for effective decision making and systems management.
Current thread:
- Sheffield council investigating 'extremely serious' confidential data breach Jake Kouns (Sep 14)