Two local councils are under fire after dozens of children’s personal information leaked online. Data breaches can lead to councils facing sanctions, and public sector technology leaders must provide rigorous staff training programs if they are to avoid such a fate.
It was revealed today that five children in Cornwall have posted their information online from the Cornwall Council. When publishing online documents for a meeting of the School Transport Complaints Board, the council accidentally published the names, addresses and dates of birth of the children. The Council referred the matter to the Office of the Commissioner for Information, According to BBC.
Earlier this week, a similar incident occurred involving the Central Council of Bedfordshire, which sent a request for freedom of information about children in its jurisdiction with special educational needs and disabilities who have not yet found a school. As part of its response to the request, the council publishes the names and personal data of the children.
Causes and consequences of data breaches by local councils
The consequences of such a breach could be severe, says Brian Higgins, a security specialist at the Comparitech cybersecurity platform. “Unfortunately, there is a long list of things that criminals can do with the types of information contained in these leaks, from direct contact [with the victims] to targeted phishing campaigns, ”he said.
Identity theft is a particularly high risk, Higgins continues. “Young people’s details are especially popular with organized crime gangs to create things like bank accounts, as they are less likely to be revealed because victims probably haven’t done so yet,” he explained.
The leak “is a clear failure to train all staff in their responsibilities under the General Data Protection Regulations (GDPR),” Higgins added. “Everyone responsible for the use of personal data in the UK must be aware of and follow the ‘data protection principles’,” he said. “There are six of them, and the last one clearly states that the information must be processed in a way that ensures adequate security, including protection against illegal or unauthorized processing, access, loss, destruction or damage.”
Content from our partners
These problems are a direct result of poor training, says Jawvad Malik, a leading advocate for security awareness at KnowBe4. “In many cases, these types of breaches come down to a lack of security training or awareness,” he said. “While everyone makes mistakes, having the right cybersecurity controls and proper training can significantly reduce risk.”
How can public sector technology leaders prevent data breaches?
Local authorities were injured 33 645 data breaches in pafter five years, according to figures obtained under the Freedom of Information Act from the VPN VPN review comparison site last year. Neither Cornwall Councils nor Central Bedfordshire Councils are in the top ten with the worst offenses, with Hampshire County Council claiming the number one spot with 3,759 violations found.
For technology leaders in the public sector tasked with protecting vast amounts of data, regular and rigorous training is the best way to reduce the risk of breaches, says Higgins of Comparitech. “The only way to combat these types of violations is to implement a mandatory, comprehensive, regular, tested training program for everyone, from cleaners to CEOs, backed by a decent incident response plan,” he said. “If you say you take these things seriously, you really should.”
Read more: Personal data breaches are declining – except in Russia