Personal information of foster parents was shared with the person they had fostered because of a council’s data protection breach.
The blunder was revealed after Bedfordshire on Sunday submitted a Freedom of Information request to Central Bedfordshire Council.
Since the authority’s creation in 2009 there have been five data protection breaches, the most recent being in April this year when a technical failure resulted in non-sensitive secure information held on planning files being accessible to the public via the website.
The matter was reported to the Information Commissioner’s Office (ICO) which determined that the council had taken the appropriate action by removing it as soon as possible and no further measures were necessary.
Four breaches took place in 2010. In March, a school transport timetable with names and dates of birth of six children who used that route was accidentally sent to a parent.
Again it was reported to the ICO and the service implemented several process changes to ensure that it couldn’t happen again. Then in July, a ‘Subject Access Request’ led to a file containing personal data of foster parents being shared with the person they had fostered although it didn’t contain any sensitive personal information.
An apology was issued by the service area and changes were put in place to prevent the same thing taking place again.
The other two breaches reported were: June 2010 - Customer email addresses were disclosed to other customers by Carbon Copy rather than withheld by using Blind Copy. An apology was made along with process changes.
September 2010 - Non sensitive details of two customers were mixed up resulting in information being sent out incorrectly.
The details were retrieved by the service which also apologised.
Cllr Maurice Jones (pictured), executive member for corporate services at Central Beds Council said: “The small number of breaches which have occurred relate mainly to personal data and not sensitive personal data.
“After every breach we have apologised to those involved and acted swiftly to put measures in place to ensure this does not happen again.” Meanwhile Bedford Borough Council said it was aware of nine data protection breaches since 2009 which have been reported centrally to the authority’s senior management team. But it said it couldn’t give out all the details as it would take too long.
A spokesman said: “Where breaches are reported, the council takes immediate and swift action to recover the data and inform those affected.
“The council also investigates the series of events which led to the breach and puts measures in place to ensure it does not happen again.”
