GDPR Data Disclosures Hit Gateshead Council
Who: Gateshead Council
# of Accounts Breached: 19 breaches
What was affected: Private information including personal medical details
When it happened: May 2018 – March 2019
How it happened: A council has admitted a series of data breaches, including uploading personal medical details to an online forum. Gateshead Council also sent letters containing private information to the wrong addresses and sent a debtor a list of other people who owed it money. The 19 breaches happened in the ten months after new data protection rules came into force in May.
Outcome: Of the 19 breaches, two had to be reported to the Information Commissioner’s Office (ICO). The ICO did not find the council over the medical details breach because the forum was used by health professionals with the duty of confidentiality, the Local Democracy Reporting Service said. It has not yet ruled on a breach where someone in council tax arrears was sent the names and addresses of 53 other people owing money to the authority.
Staff responsible for the breaches have been reminded to update addresses and double check recipients of emails.
They have also been given training and advice about secure methods of sharing data.