IPB

Welcome Guest ( Log In | Register )

> GDPR & West Berkshire Council, West Berkshire Council makes GDPR error
Villager
post Aug 12 2019, 01:17 PM
Post #1


Member
**

Group: Members
Posts: 11
Joined: 2-October 10
Member No.: 1,125



According to Newbury Weekly News, West Berkshire Council has fallen foul of the new GDPR (General Data Protection Rules) legislation on data protection.

https://www.newburytoday.co.uk/news/news/27...ata-breach.html

From the news item, I suspect that a council officer pasted the email addresses straight into the ‘To’ box instead of putting them in the Blind Copy box.

One unfortunate person wrote a reply and hit send which meant that her reply went to everyone on the list. This is a dreadful thing to happen.

Releasing email addresses is a release of personal data, not to mention facilitating a reply being distributed to other people who had no right to see it.

This is a very serious offence under GDPR and the penalties can be enormous. British Airways has been fined £183M and Marriot Hotels has been fined £99M by the Information Commissioner.

It is interesting to speculate how big a fine cash strapped West Berkshire Council will be hit for. Expect your council tax to rocket, or services to be cut further because of this incompetence

This is not the first time that West Berkshire Council has been in trouble with data protection issues.

Some years ago, there was problem over memory sticks held by officers. The memory sticks were not encrypted so the council issued all the officers concerned with new encrypted memory sticks. Unfortunately, they did not realise that it would be a good idea to recall all the unencrypted memory sticks, so officers kept them and continued to use them, not understanding the implications.

One of the unencrypted sticks had a whole load of personal data on it, and the council officer left it somewhere. It was recovered by a third party and the information was read.

Because of this breach, the Chief Executive, Nick Carter, was made by the Information Commissioner to sign a document which I seem to remember stated that he would improve data security. It seems that this is not happening.

Most business organisations have given their staff mandatory training on data protection because now under GDPR the penalties can be catastrophic, and enough to destroy a business.

I have worked for major banks for several decades, and mandatory online training for subjects like data protection has had to be done regularly by all staff and consultants (no exceptions). There was also an online test where the pass mark was 80%, which ensured that you had taken the training on board. Banks are extremely worried about reputational damage but West Berkshire Council is not apparently concerned. They do not have to worry about loss of customers.

It looks like GDPR training has not happened at West Berkshire Council, and it is us, the council taxpayers who will have to foot the bill for this incompetence


Go to the top of the page
 
+Quote Post
 
Start new topic
Replies
Andy Capp
post Aug 17 2019, 11:54 AM
Post #2


Advanced Member
***

Group: Members
Posts: 11,902
Joined: 3-September 09
Member No.: 317



It is stunning the mistakes people make where I work; simple things like not putting bulk addresses in BCC, and this is from many people who should know better.
Go to the top of the page
 
+Quote Post



Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 

Lo-Fi Version Time is now: 29th March 2024 - 03:18 PM