ICO tells local government to show ‘empathy and action’ on data protection


Data watchdog demands improvements from councils and organisations across all sectors and issues reminder that a breach is ‘not just an admin error: it is a failure to protect someone’

The Information Commissioner’s Office has instructed local authorities around the country that they must do more to prevent data breaches and show “empathy” to those affected by them.

The watchdog claims that its research indicates that almost 30 million people across the UK have been impacted by a data breach, with 55% of adults having had their sensitive information stolen or misplaced.

Of these victims, 30% said that they have experienced emotional distress as a result of a breach, and a quarter indicated that they were not provided with any support by the organisation that lost their data. One in three found out about the incident from the media, rather than being informed directly.


Related content


More in-depth feedback gathered by the ICO “revealed experiences of people having to move homes, feeling forced out of their jobs and facing discrimination as a result of data breaches they had experienced…. [and] they felt the real impact on their life was insufficiently recognised by the organisation responsible”, according to the regulator.

In an article published alongside these research findings, commissioner John Edwards said that organisations of all kinds – and in particular local authorities, which process huge amounts of important citizen data – need to understand “two important things – empathy and action”.

“You have a role to stop the negative ripple effect in someone’s life from spreading further,” he wrote. “It is vitally important to acknowledge what has happened, be human in your response and commit to making sure it doesn’t happen again. We trust local government with some of the most sensitive personal information imaginable, yet they remain one of the leading sources of data breaches. This is not just an admin error – it is about people. When data is mishandled, it can have serious and long-lasting consequences, particularly for people in vulnerable situations. We need local government to do better.”

Edwards added: “The ICO is here to help you navigate these challenges. But make no mistake: we expect more from you. The ICO remains committed to working alongside organisations to help them improve their data protection practices, and has published new guidance to support in this endeavour. The stakes are too high to get it wrong. At the end of the day, it’s not just about protecting data. It’s about protecting people.”

Sam Trendall

Learn More →