Redcar and Cleveland Council: Four serious data breaches reported

  • Published
Redcar and Cleveland CouncilImage source, Google
Image caption,

The council reported four serious breaches of personal data from a total of 60 breaches in 2021

Redcar and Cleveland Borough Council had to report four serious breaches of personal data to the Information Commissioner's Office (ICO) last year.

But the council escaped without punishment for any of the incidents.

In total, there were 60 data breaches in 2021, but most did not meet the ICO's threshold to be passed to them.

A council spokesman said: "We are ensuring all relevant staff are updated on the latest procedures to be followed to protect information and data."

It comes after the council suffered a cyber-attack in February 2020 which cost it £8.7m and left about 135,000 people without online access to public services, with frontline council staff resorting to using pens and paper.

'Actions taken'

The Local Democracy Reporting Service said a council report had shown two of the breaches involved reports and paperwork being disclosed to the wrong people.

A third concerned a "sensitive" report which allegedly did not arrive at its intended destination, and the final breach was down to "unauthorised access" with a subsequent disclosure of information.

According to General Data Protection Regulation (GDPR), any breaches by a company or organisation must be reported to the ICO within 72 hours of becoming aware of them, and huge fines can be issued if the law on processing personal data is broken.

However, the ICO said in its report it was "content with the actions already taken" by the council and no further action was necessary.

Follow BBC North East & Cumbria on Twitter, external, Facebook, external and Instagram, external. Send your story ideas to northeastandcumbria@bbc.co.uk, external.

Around the BBC