Sheffield council investigating 'extremely serious' confidential data breach

[Jake Kouns <jkouns () opensecurityfoundation org>]

http://www.publicservice.co.uk/news_story.asp?id=20862

Sheffield City Council is to face questions from the UK's information
watchdog and has begun its own investigation into what council
officials have admitted to be an "extremely serious breach of
confidential information".

Documents containing information about mental health patients were
reported to have been involved in the alleged data breach.

Local newspaper The Star claimed the paperwork had been "blowing
around" a city street.

A council spokesman told Publicservice.co.uk that a member of the
public had discovered the documents before handing them to the
newspaper.

On being informed, a council representative was said to have
immediately retrieved the files from the newspaper.

The council has now launched an investigation into the matter and also
said it had informed the Information Commissioner's Office (ICO) which
has the power to fine up to £500,000 for serious breaches of the Data
Protection Act.

Eddie Sherwood, Sheffield's director of care and support for
communities, said: "This is an extremely serious breach of
confidential information and we are taking the matter very seriously.

"As a large organisation which deals with the public we have strict
procedures in place to stop this from happening.

"Unfortunately this appears not to have happened here and we have
launched an immediate investigation.

"People need to have confidence that we will keep their personal
details safe and we will get to the bottom of how this happened."

A spokesman for the ICO told Publicservice.co.uk that it was "aware of
a possible data breach involving Sheffield council" and that it would
be "making enquiries into the circumstances before deciding what
action, if any, needs to be taken".

The news follows a number of high profile breaches in local councils,
the NHS, central government and other public sector bodies.

With data breach fines on the rise, the ICO has already fined one
council £250,000 in September after pension records, bank details and
salary information on hundreds of staff were found dumped in
supermarket car park recycling bins.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.