Welsh councils broke data protection laws 135 times
- Published
Five of the 22 local authorities said they had recorded no breaches last year
Councils in Wales broke data protection laws twice as often last year as they did in 2012, BBC Wales has learned.
Examples included a bag containing papers for a court case being left on a train, and sensitive personal data appearing on a website.
The laws were broken 135 times in 2013 compared to 60 breaches in 2012.
The Information Commissioner's Office (ICO) called for effective data handling to be "hardwired" into the culture of local authorities.
The details from the 22 councils have been obtained by BBC Wales through a Freedom of Information request.
It showed:
There were 45 breaches at Powys council of which 25 were confined internally to the council, while four were due to external providers of services and six were still under investigation. The council said training and revision of policies had been carried out since
Cardiff council recorded 14 breaches including financial information about 15 employees being given to third parties and information being stolen from an employee's car. A spokesperson said a number of new measures have been introduced
At Wrexham council there were 13 incidents, including one in the adult social care department where personal information was passed incorrectly to a third party
Gwynedd council had 10 breaches including personal details being mistakenly sent, and letters and emails being sent to the wrong people
Flintshire and Newport councils each recorded nine breaches, including a fax containing personal data being sent to the wrong care provider and "lost or stolen paperwork"
Caerphilly council said six breaches had occurred, one of which was a person's personal data being lost within the authority
A bag containing papers for a court case being left on a train, documents stolen from a private residence, and a letter, fax and email were sent to the wrong people were among five breaches at Anglesey council
Carmarthenshire council had five breaches, while Merthyr had four, Denbighshire reported three breaches and there were two at Pembrokeshire
Bridgend council had three breaches including a laptop being stolen from a car and a document containing sensitive personal data being sent to the wrong printer
Rhondda Cynon Taf council self-reported one breach to the ICO about disclosing personal information through email by accident and Torfaen council had one breach which was an email with personal information sent to the wrong recipient
Monmouthshire councilsaid there "were no significant breaches in 2013" while Conwy council said "some events occurred which included sending emails, a fax and correspondence to unintended recipients, and information stolen from a vehicle/property"
Five of the 22 councils - Blaenau Gwent, Ceredigion, Neath Port Talbot, Vale of Glamorgan and Swansea said they had recorded no breaches last year
Anne Jones, Assistant Information Commissioner for Wales, said: "It's important local authorities live up to their legal responsibilities under the Data Protection Act.
"Keeping people's personal information secure should be hardwired into their culture as losses can seriously affect reputations and as a consequence, service delivery".
- Published21 November 2013
- Published6 April 2013
- Published6 August 2013
