Local government needs to "do better" on data breaches, Information Commissioner says

The Information Commissioner, John Edwards, has urged councils to do more to reduce the number of data breaches and improve data protection for people in vulnerable situations.

The call comes as qualitative research conducted by the Information Commissioner's Officer (ICO) revealed experiences of people having to move homes, feeling forced out of their jobs and facing discrimination as a result of data breaches they had experienced.

The research also found that victims of data breaches felt the real impact on their lives was insufficiently recognised by the organisation responsible.

The new figures revealed that nearly 30 million people in the UK have experienced a data breach.

In total, 55% of UK adults reported having had their data lost or stolen, with 30% of them experiencing emotional distress as a result.

One in four (25%) said they received no support from the organisations responsible and 32% found out through the media rather than from the organisation itself.  

In an article published alongside the figures, Edwards said people in vulnerable situations - such as survivors of domestic abuse and those living with long-term health conditions - are often disproportionately affected by breaches.

He said these people may already be in precarious situations, and the unauthorised disclosure of their personal data can heighten the risks they face.

john edwards printThis may particularly be the case when data breaches occur at a local government level due to the sensitivities of the information these organisations hold, he added.

Figures from the ICO show that local government consistently ranks as one of the top areas for reported data breaches, with nearly 1 in 10 reports originating from the sector. 

The watchdog said that many of these incidents resulted from human error, lack of proper security measures, or outdated systems that were not equipped to handle modern data protection requirements.

The Commissioner said: "We trust local government with some of the most sensitive personal information imaginable, yet they remain one of the leading sources of data breaches.

"This is not just an admin error – it is about people. When data is mishandled, it can have serious and long-lasting consequences, particularly for people in vulnerable situations.

"We need local government to do better."

Edwards also noted that organisations must be empathetic and take action.

He said: "You have a role to stop the negative ripple effect in someone's life from spreading further. It is vitally important to acknowledge what has happened, be human in your response and commit to making sure it doesn't happen again."

The ICO has published new guidance to support organisations to "communicate with empathy" after a data breach, which suggests frontline colleagues promptly assess the risks to the individual involved and acknowledge what has happened with the person affect by the breach.

The guidance adds that staff should "be human and accessible" in their response and commit to making sure it does not happen again.

Adam Carey