Local authorities warned to tighten up security

DATA security experts are warning local authorities to tighten their data handling procedures after two organisations received fines totalling £220,000 from the Information Commissioner’s Office.

The organisation has now handed out fines worth over £1 million-worth for data breaches, since being granted powers to impose higher penalties in April 2010.

Midlothian Council and Norfolk County Council are the latest councils that have been ordered to pay fines of £140,000 and £80,000 respectively for failing to keep highly sensitive child welfare information secure.

In the case of Midlothian Council the ICO fined them for disclosing highly sensitive personal data relating to children and their carers to the wrong recipients on five separate occasions.

Anthony Pealgood, commercial director of PHS Datashred and Chair of the BSIA (British Security Industry Association) Information Destruction section, said:

“These recent high profile data security breaches highlight the importance of local authorities ensuring they have robust data protection procedures in place and that these are tested regularly. The hefty fines send out a stark warning to authorities and are an unwelcome expense at a time of public sector cuts.

“Confidential information is not just limited to physical copies of documents. Data on laptops, memory sticks and disks must also be treated in a secure and confidential manner.”

Tips to prevent public sector data leaks

1.         Create and test your confidential data policy – if you don’t have one already you are already in the high risk category for being a victim of data theft. Procedures should be tested regularly to highlight risks and any weak areas.

2.         Store & dispose of data safely – don’t assume that binning it is the end of the matter. Criminals rifle through bins in car parks where confidential data has been poorly disposed.

3.         Destroy data properly – Arrange for a fully accredited company to help store, collect and securely destroy information. Ensure you know where your data is heading. Even better, have your data destroyed on site, using a mobile shredding vehicle and watch the destruction.

4.         Secure your accounts – don’t allow bank details and other highly confidential information to escape into the public domain.

5.         Inform and train staff on how to deal with confidential data properly and monitor their behaviour. Remember, most data protection breaches are committed by people who work within the organisation. Ensure that reminders on handling confidential data are regularly communicated to staff.

7.         Beware of taking large amounts of confidential data out of the office or on unencrypted laptops, data sticks or mobile devices such as Blackberrys and iPhones. Unattended bags and small portable gadgets are magnets for thieves who can exploit your confidential information.



For further information or photography, please contact:

John Walding                        -                       0161 927 3131


Notes to Editors

Facts about PHS Datashred and the PHS Group

•          PHS was established in 1963 and is now one of the largest workplace service providers in the UK

•          In June 2001, PHS Group plc began trading on the London Stock Exchange in what was one of the biggest flotations of the year

•          At flotation, the company was valued at £414 million. In September 2001 it was admitted to the FTSE 250 index

•          In September 2005 the PHS Group was de-listed from the Stock Market, reverting to private ownership by Charterhouse in an acquisition valued at £600 million

•          PHS employs almost 5,000 staff, has over 100 branches in UK and Europe and provides services to over 250,000 customers

•          Annual turnover, for the year ending March 2010, was £355.6m