Data breaches can happen at any time, have multiple causes and vary in scale. Those caused by human error are becoming increasingly common – as Gateshead Council is only too aware, having suffered a shocking 19 breaches in 10 months.
Of these incidents, 2 had to be reported to the ICO (Information Commissioner’s Office). One, in which a patient’s mental health information was accidentally uploaded to an online forum, saw no further action taken by the ICO as the forum was used by healthcare professionals who have a duty of confidentiality. The other, in which a council tax liability schedule sent to a debtor contained the names and addresses of 53 other debtors, is still being reviewed.
The other breaches
- An educational psychologist’s report was sent to the wrong address. It was retrieved, and the address was updated on the system.
- An employee lost a notebook containing service user information. The employee re-traced their steps and was “provided with advice about secure methods of accessing service user data when off site”.
- A foster agency received information about a child not in its care. The report was destroyed, a correct record was sent, and staff were reminded to ensure information was only sent to the correct recipients.
- Two incidents occurred when inaccurate addresses resulted in information on care services being sent to the wrong recipients.
- Nine separate incidents saw correspondence relating to benefits or council tax sent to the wrong recipients.
- A resident’s data was shared with their landlord without their permission.
While it appears as if the wrong information on systems is a persistent problem at Gateshead Council, there are steps employees can take to help prevent breaches, such as double-checking recipients before sending an email.
It’s vital to educate staff who have access to sensitive data to ensure they know how to handle it appropriately and have a comprehensive understanding of data protection and information security best practices. Often, not enough emphasis is put on employees’ responsibilities; they need to be aware of the consequences of careless behaviour and bad habits.
You can reduce the risk of employee-related information security incidents with staff awareness training. E-learning courses are often a preferred method thanks to their flexible, cost-effective nature, delivering training to multiple users with minimal disruption.
To help you find the right training solution for your organisation, we now offer free, no-obligation trials of all our courses, allowing you to see them in action and decide if they’re right for you.