Data watchdog demands improvements from councils and organisations across all sectors and issues reminder that a breach is ‘not just an admin error: it is a failure to protect someone’
The Information Commissioner’s Office has instructed local authorities around the country that they must do more to prevent data breaches and show “empathy” to those affected by them.
The watchdog claims that its research indicates that almost 30 million people across the UK have been impacted by a data breach, with 55% of adults having had their sensitive information stolen or misplaced.
Of these victims, 30% said that they have experienced emotional distress as a result of a breach, and a quarter indicated that they were not provided with any support by the organisation that lost their data. One in three found out about the incident from the media, rather than being informed directly.
Related content
- ‘Cover-ups don’t help anyone’ – how the ICO changed tack with the public sector
- ICO issues data protection warning over domestic abuse victims after DWP and local councils reprimanded
- Information commissioner: ‘I want us to be for all of society – not just those with the resources to access data protection’
More in-depth feedback gathered by the ICO “revealed experiences of people having to move homes, feeling forced out of their jobs and facing discrimination as a result of data breaches they had experienced…. [and] they felt the real impact on their life was insufficiently recognised by the organisation responsible”, according to the regulator.
In an article published alongside these research findings, commissioner John Edwards said that organisations of all kinds – and in particular local authorities, which process huge amounts of important citizen data – need to understand “two important things – empathy and action”.
“You have a role to stop the negative ripple effect in someone’s life from spreading further,” he wrote. “It is vitally important to acknowledge what has happened, be human in your response and commit to making sure it doesn’t happen again. We trust local government with some of the most sensitive personal information imaginable, yet they remain one of the leading sources of data breaches. This is not just an admin error – it is about people. When data is mishandled, it can have serious and long-lasting consequences, particularly for people in vulnerable situations. We need local government to do better.”
Edwards added: “The ICO is here to help you navigate these challenges. But make no mistake: we expect more from you. The ICO remains committed to working alongside organisations to help them improve their data protection practices, and has published new guidance to support in this endeavour. The stakes are too high to get it wrong. At the end of the day, it’s not just about protecting data. It’s about protecting people.”