The extent of poor security processes at UK councils has been revealed, with 132 local authorities found to have lost data over the last three years.
That represents nearly a third of all councils in the UK, the Big Brother Watch (BBW) found.
There were a total of 1,035 incidents of data loss between 3 August 2008 and 3 August 2011, with only 55 reported to the Information Commissioner's Office (ICO), a BBW Freedom of Information (FOI) request uncovered.
The ICO may lack the power of compulsory audit, but they should be doing much more to highlight those councils who are not consenting to audits.
Plenty of data on children was lost too, with info relating to at least 3,100 youngsters compromised in 118 cases.
At least 244 laptops, 98 memory sticks and 93 mobile devices were lost.
"The ICO may lack the power of compulsory audit, but they should be doing much more to highlight those councils who are not consenting to audits. Our research does raise the question that some councils are not reporting the full picture, or even logging incidents as thoroughly as their counterparts," Nick Pickles, director of the BBW, told IT Pro.
"There needs to me much more enforcement of data protection, and much less movement of data between staff's personal computers and work machines. The more data that is held, and the more it is moved, the greater the risk to our privacy and not enough is being done to protect our personal information."
The worst offenders were Buckinghamshire and Kent with a total of 72 incidents each. Essex was third on 62, with Northamptonshire in fourth with 46.
Only nine incidents in total resulted in a member of staff being sacked.
"This research highlights a shockingly lax attitude to protecting confidential information across nearly a third of councils," Pickles added in an official statement earlier today.
"The fact that only a tiny fraction of staff have been dismissed brings into question how seriously managers take protecting the privacy of their service users and local residents."
The BBW research was released just a day after Southwark Council was found in breach of the Data Protection Act. A computer and papers containing personal information of over 7,000 people were misplaced.
The council was not fined, but agreed to shore up its practices, as has been the case in most breaches of the Act.
-
Capita tells pension provider to 'assume' nearly 500,000 customers' data stolenCapita told the pension provider to “work on the assumption” that data had been stolen
-
India’s new data protection bill continues to “facilitate state surveillance”News Although data localisation requirements have now been removed, it’s down to the Indian government to select which countries data is allowed to be sent to
-
Gumtree site code made personal data of users and sellers publicly accessibleNews Anyone could scan the website's HTML code to reveal personal information belonging to users of the popular second-hand classified adverts website
-
Pizza chain exposed 100,000 employees' Social Security numbersNews Former and current staff at California Pizza Kitchen potentially burned by hackers
-
83% of critical infrastructure companies have experienced breaches in the last three yearsNews Survey finds security practices are weak if not non-existent in critical firms
-
Identity Automation launches credential breach monitoring serviceNews New monitoring solution adds to the firm’s flagship RapidIdentity platform
-
Neiman Marcus data breach hits 4.6 million customersNews The breach took place last year, but details have only now come to light
-
Indiana notifies 750,000 after COVID-19 tracing data accessedNews The state is following up to ensure no information was transferred to bad actors
