Gateshead Council has reportedly recorded more than 50 data breaches so far this year, mostly due to “human error”.
According to documents seen by ChronicleLive, the incidents include using incorrect email addresses, attaching incorrect documents, and sending letters to incorrect addresses. Personal and medical data were uploaded online and data was sent to the wrong recipients.
“The breach at Gateshead Council sheds light on the widespread occurrence of data breaches. While they are often attributed to human error, they are also a systemic problem,” said Tim Ward, CEO and co-founder of Think Cyber Security.
“Simply instructing people through training courses is not enough; we must recognize the broader context. While a fundamental understanding of data management is crucial, many errors occur in high-pressure situations, when we rush to comply with deadlines or check emails.”
In one example, a resident with council tax arrears was sent the information of 53 other people who also owed money; in another, a foster agency sent information about a child who was not in its care.
A psychological report was sent to the wrong address, a report was sent to the wrong attorney, an employee lost a notebook containing personal data, and a resident's information was shared with a landlord without permission.
“Cases such as using incorrect email addresses, attaching incorrect documents or sending confidential information to the wrong recipients are not uncommon. They highlight the critical need for organizations to prioritize ongoing staff training on data handling procedures and cybersecurity best practices,” said Erfan Shadabi, cybersecurity expert at comforte AG.
“Effective training programs can equip employees with the knowledge and skills necessary to identify and mitigate potential risks and ultimately reduce the likelihood of data breaches resulting from human error.”
Gateshead Council referred two breaches to the Information Commissioner's Office (ICO) in 2023.
One of them involved testing data that was published in error on certain websites operated by the council, and the other included social work or occupational health data that was published at an outdated address. The data protection watchdog took no further action.
The news follows concerns raised last year by the BBC Local Democracy Reporting Service, which reported that violations at the council increased from 66 in 2022 to more than 120 in 2023.
At the time, the authority attributed the increase in reported violations to better training and greater awareness of the problem among staff.
“It is commendable that there is a structured procedure for council officers to quickly report breaches. This not only demonstrates a proactive stance towards regulatory compliance, particularly with the strict deadlines imposed by the ICO, but also reflects an understanding of the importance of a rapid response to mitigate the potential harm of such breaches,” said Javvad Malik, lead security awareness advocate at KnowBe4.
“However, this situation also highlights the critical need for continued education and training for all people who handle sensitive information. Simple errors should not be underestimated, as they can lead to significant privacy violations and erode public confidence in how your data is managed. A culture of cybersecurity and mindfulness are vital steps in reducing these types of incidents.”