Gateshead Council data breaches share health and debt details
- Published
A council has admitted a series of data breaches, including uploading personal medical details to an online forum.
Gateshead Council also sent letters containing private information to the wrong addresses and sent a debtor a list of other people who owed it money.
The 19 breaches happened in the ten months after new data protection rules came into force in May.
Council officer Tanya Rossington said "any organisation that deals with data will get breaches".
"Its about minimising the risks and trying to contain it," the information rights officer said.
Wrongly addressed letters were an "ongoing problem" and departments had "tried to implement measures where addresses are updated", she said.
Not fined
Of the 19 breaches, two had to be reported to the Information Commissioner's Office (ICO).
The ICO did not fine the council over the medical details breach because the forum was used by health professionals with duty of confidentiality, the Local Democracy Reporting Service said.
It has not yet ruled on a breach where someone in council tax arrears was sent the names and addresses of 53 other people owing the authority money.
Staff responsible for the breaches have been reminded to update addresses and double check recipients of emails.
They have also been given training and advice about secure methods of sharing data.
Other breaches include:
An educational psychologist's report sent to the wrong address
A worker losing a notebook containing someone's information
A fostering agency sent information about a child they were not caring for
Letters about care cases sent to the wrong recipients
A report sent to the wrong solicitor by email
Nine incidents of correspondence relating to housing benefit or council tax being sent with the correct data to the wrong people
A resident's data shared with her landlord without her permission