Details of 'vulnerable kids' uploaded to Birmingham City Council website in 'serious' data breach - Birmingham Live
Details of 'vulnerable kids' uploaded to Birmingham City Council website in 'serious' data breach
Information watchdog alerted to the authority's 'error', which it confirmed involved personal details of a 'number of citizens'
Data, said to relate to youngsters entitled to free bus passes, was uploaded "in error" by staff and was "potentially available externally", the authority said in an email raising the alarm, sent on Friday, March 19.
The details were added to the Brum account, the facility which allows taxpayers to access and book a range of services.
The council email said the Information Commissioner's Office, the responsible watchdog, had been informed "due to the scale and serious nature of this incident".
The authority told BirminghamLive the alert was sent as a "precaution", the mistake was "rectified as soon as we became aware" and the data was not downloaded. It said the ICO was not planning any action and the council would "learn from this issue".
But the deputy leader of the council's Tory group, Coun Ewan Mackey, said it was the latest data error from the authority and did not inspire confidence.
RELATED ARTICLES
Fears sex offender hired to transport kids in Birmingham after criminal checks failurebirminghammail
'How safe are our children?' - After boy left abandoned in Birmingham the school transport scandal continuesbirminghammail
Coun Mackey, who received the email raising the alarm, said: “First, they allowed staff with a failed DBS (disclosure and barring service) check in the school transport.
“Now, they have just published thousands of vulnerable children’s data to a publicly-accessible part area of Birmingham City Council’s website.
Omaze
On 9th April 2021, you could become the owner of this fully furnished luxury London townhouse.
UK Funeral Plans
The Surprising Truth About Burials In Surrey
by TaboolaSponsored Links
“Organised crime gangs running the now-infamous county lines pay highly for this information to recruit them into a life of crime.
“Birmingham City Council should be protecting all residents, especially our children from county lines - not making vulnerable children’s details available on the council website.”
RELATED ARTICLES
Birmingham SEND school transport drivers have all passed DBS checks, assurances finally madebirminghammail
Dogged by scandal but hopes Birmingham home-to-school transport will be 'best' in the countrybirminghammail
In the alert, the council said: “A data breach has come to light, involving the personal data of a number of citizens being uploaded – by staff from certain service areas - to the Brum Account in error, potentially making the data available externally, to others who did not need to see it.
“Due to the scale and serious nature of this incident, the Information Commissioner’s Office (ICO) has been notified in line with the formal data breach process.”
RELATED ARTICLES
Around 150 mourners attending two funerals at Sutton New Hall Cemetery caused traffic problems at the weekend
Fury as 150 gather outside Sutton Coldfield cemetery for funerals causing traffic chaos in streetbirminghammail
Parents fury over kids missing out on Sutton Coldfield secondary school placesbirminghammail
The council’s alert added: “To minimise the risk of future data breaches, it’s essential for us all to follow the important online data protection guidance, to fully understand our own responsibilities for ensuring data security and the implications of non-compliance and data breaches.
Get email updates with the latest Politics news
The Politics newsletter goes out twice a week and has a selection of our most popular articles, reporting on the latest headlines from the council, parliament ,the latest building developments, transport plans and more. We have you covered.
It is delivered free of charge direct to your email inbox twice a week, giving you all the news you need from across the region at your fingertips.
How do I sign up?
First just click on this link to our newsletter sign-up centre.
Once you're there, put your email address where it says at the top, then tick the Weekly Politics Email updates box. There are other newsletters available if you want them as well.
When you've made your choice, hit Save Changes button at the bottom.
“So always be mindful of the data protection implications before sharing or uploading personal data.
“Failure to follow the data protection principles, particularly the Integrity and Confidentiality principle, can put the council at risk of reputational damage, fines, enforcement action, prosecution and compensation claims.
“Also remember that if any of the council’s information has been lost, leaked or accessed in an unauthorised way, you must report it immediately upon discovery, in accordance with the formal reporting process.
What has the city council said?
(Image: Darren Quinton/Birmingham Live)
A spokeswoman for Birmingham City Council said: “The email sent to staff was purely precautionary and intended to remind staff about their data protection responsibilities to minimise the risk of future data breaches.
“The mistake mentioned was rectified as soon as we became aware. We notified the ICO in line with our legal obligations and they have confirmed they are satisfied with the way in which we have dealt with the matter and will not be taking any action.
“There is no evidence that any data on vulnerable children was compromised and the uploaded data was not visible to all Brum Account users.
What is happening where you live? Find out by adding your postcode or visit InYourArea
“Brum Account data is secure and held on the council’s network. Brum Account users can only access their own data via a secure password. Our investigations confirm the erroneously-uploaded data was not accessed or downloaded and was removed promptly.
“Although the ICO has stated it does not intend to take any further action, we are taking the opportunity to learn from this issue by ensuring staff are fully aware of the data protection obligations.”
What has the Information Commissioner’s Office said?
An ICO spokesperson said: “Our aim is to protect people from poor organisational practices that put their personal information at risk.
“We have a range of powers to help us do that, including working with an organisation to check the right policies are in place.
“Birmingham City Council reported this incident to the ICO and following enquiries, we decided that approach was sufficient in this case. We provided data protection advice to the council and decided that formal enforcement action was not required at this time.
“We expect the council to update us if new information that affects the circumstances of this case comes to light.”
Information watchdog alerted to the authority's 'error', which it confirmed involved personal details of a 'number of citizens'
Data, said to relate to youngsters entitled to free bus passes, was uploaded "in error" by staff and was "potentially available externally", the authority said in an email raising the alarm, sent on Friday, March 19.
The details were added to the Brum account, the facility which allows taxpayers to access and book a range of services.
The council email said the Information Commissioner's Office, the responsible watchdog, had been informed "due to the scale and serious nature of this incident".
The authority told BirminghamLive the alert was sent as a "precaution", the mistake was "rectified as soon as we became aware" and the data was not downloaded. It said the ICO was not planning any action and the council would "learn from this issue".
But the deputy leader of the council's Tory group, Coun Ewan Mackey, said it was the latest data error from the authority and did not inspire confidence.
RELATED ARTICLES
Fears sex offender hired to transport kids in Birmingham after criminal checks failurebirminghammail
'How safe are our children?' - After boy left abandoned in Birmingham the school transport scandal continuesbirminghammail
Coun Mackey, who received the email raising the alarm, said: “First, they allowed staff with a failed DBS (disclosure and barring service) check in the school transport.
“Now, they have just published thousands of vulnerable children’s data to a publicly-accessible part area of Birmingham City Council’s website.
Omaze
On 9th April 2021, you could become the owner of this fully furnished luxury London townhouse.
UK Funeral Plans
The Surprising Truth About Burials In Surrey
by TaboolaSponsored Links
“Organised crime gangs running the now-infamous county lines pay highly for this information to recruit them into a life of crime.
“Birmingham City Council should be protecting all residents, especially our children from county lines - not making vulnerable children’s details available on the council website.”
RELATED ARTICLES
Birmingham SEND school transport drivers have all passed DBS checks, assurances finally madebirminghammail
Dogged by scandal but hopes Birmingham home-to-school transport will be 'best' in the countrybirminghammail
In the alert, the council said: “A data breach has come to light, involving the personal data of a number of citizens being uploaded – by staff from certain service areas - to the Brum Account in error, potentially making the data available externally, to others who did not need to see it.
“Due to the scale and serious nature of this incident, the Information Commissioner’s Office (ICO) has been notified in line with the formal data breach process.”
RELATED ARTICLES
Around 150 mourners attending two funerals at Sutton New Hall Cemetery caused traffic problems at the weekend
Fury as 150 gather outside Sutton Coldfield cemetery for funerals causing traffic chaos in streetbirminghammail
Parents fury over kids missing out on Sutton Coldfield secondary school placesbirminghammail
The council’s alert added: “To minimise the risk of future data breaches, it’s essential for us all to follow the important online data protection guidance, to fully understand our own responsibilities for ensuring data security and the implications of non-compliance and data breaches.
Get email updates with the latest Politics news
The Politics newsletter goes out twice a week and has a selection of our most popular articles, reporting on the latest headlines from the council, parliament ,the latest building developments, transport plans and more. We have you covered.
It is delivered free of charge direct to your email inbox twice a week, giving you all the news you need from across the region at your fingertips.
How do I sign up?
First just click on this link to our newsletter sign-up centre.
Once you're there, put your email address where it says at the top, then tick the Weekly Politics Email updates box. There are other newsletters available if you want them as well.
When you've made your choice, hit Save Changes button at the bottom.
“So always be mindful of the data protection implications before sharing or uploading personal data.
“Failure to follow the data protection principles, particularly the Integrity and Confidentiality principle, can put the council at risk of reputational damage, fines, enforcement action, prosecution and compensation claims.
“Also remember that if any of the council’s information has been lost, leaked or accessed in an unauthorised way, you must report it immediately upon discovery, in accordance with the formal reporting process.
What has the city council said?
(Image: Darren Quinton/Birmingham Live)
A spokeswoman for Birmingham City Council said: “The email sent to staff was purely precautionary and intended to remind staff about their data protection responsibilities to minimise the risk of future data breaches.
“The mistake mentioned was rectified as soon as we became aware. We notified the ICO in line with our legal obligations and they have confirmed they are satisfied with the way in which we have dealt with the matter and will not be taking any action.
“There is no evidence that any data on vulnerable children was compromised and the uploaded data was not visible to all Brum Account users.
What is happening where you live? Find out by adding your postcode or visit InYourArea
“Brum Account data is secure and held on the council’s network. Brum Account users can only access their own data via a secure password. Our investigations confirm the erroneously-uploaded data was not accessed or downloaded and was removed promptly.
“Although the ICO has stated it does not intend to take any further action, we are taking the opportunity to learn from this issue by ensuring staff are fully aware of the data protection obligations.”
What has the Information Commissioner’s Office said?
An ICO spokesperson said: “Our aim is to protect people from poor organisational practices that put their personal information at risk.
“We have a range of powers to help us do that, including working with an organisation to check the right policies are in place.
“Birmingham City Council reported this incident to the ICO and following enquiries, we decided that approach was sufficient in this case. We provided data protection advice to the council and decided that formal enforcement action was not required at this time.
“We expect the council to update us if new information that affects the circumstances of this case comes to light.”