Sheffield Council lost document of children’s names - authority’s data breaches exposed

Sheffield Town Hall

Confidential data has been lost, misplaced or leaked by Sheffield Council 22 times since February 2012, The Star can reveal today.

The information includes eight letters sent to the wrong address and a document which contained children’s names going missing.

In one breach, a spreadsheet naming 1,729 people who received payments from the council was published online.

Other lapses include a file containing financial information and staff payment details going missing and a paper notebook and diary which contained personal data being stolen from a vehicle.

The document of children’s names detailed potential equipment requirements for city schools to help with physical access and contained the first names of children.

The information was revealed after a Freedom of Information Act request was submitted by The Star under the Your Right To Know campaign.

Sheffield Council told The Star the authority only started to log incidents in February 2012 and has since logged 22.

One log, from November 3, 2013, stated: “Letter from a customer given to a former employee in error. Disclosed name and address of the customer only.”

Another, from September 12, 2012, said: “Documents containing personal data handed into the Sheffield Star newspaper. Information Commissioner notified. Recommendations outlined by the ICO.”

A log from November 16, 2012, stated: “Meeting report emailed to the wrong place – officer visited to ensure email deleted.”

A statement from the authority as part of its response added: “We started to log information security incidents from February 2012 and have since logged 22 incidents which relate to information which has been sent to the wrong place, lost or leaked, whereby initial reviews and investigations will have taken place.

“In the majority of incidents we have immediately recovered the information when an incident has been reported.

“In line with guidance from the Information Commissioner’s Office and our proactive approach, their office has been notified of two breaches since February 2012.

“Recommendations were provided with one incident and with another incident no further action or recommendations were provided.

“Although we have more than 6,000 employees handling hundreds of thousands of records on a daily basis, we have never been fined by the Information Commissioner, when various other authorities have.”