It is difficult to avoid news regarding data breaches by various Government departments at present, with two different police forces, the Department of Business, Energy and Industrial Strategy and the Department for International Trade all falling foul of the data protection legislation.
These data breaches have been discussed in more detail in previous blogs (see links at the bottom of this article).
A common thread in these data breaches is when Government bodies are responding to Freedom of Information requests, spreadsheets are provided with original source data identifying individuals within them where redactions were either not imposed on the document to remove such data or they were inadequately redacted so that the data could still be accessed. The distress that this could cause to individuals such as the police officers affected by the police data breaches can be quite severe.
The ICO
The ICO is responsible for ensuring that data protection legislation is complied with by any organisation in control of data relating to living individuals. Part of that role is educating organisations generally on best practices. With this in mind, the ICO has issued an advisory note to all Government departments in respect of their use of spreadsheets.
He has advised that organisations should:
- Stop using original source spreadsheets uploaded to online platforms when responding to Freedom of Information requests;
- Continually train staff that are responsible for disclosing data to third-party organisations; and
- Avoid using spreadsheets with thousands of lines of data and, with a view to fostering data integrity, one of the key principles of the data protection legislation, instead invest in a decent data management system.
The Information Commissioner, John Edwards, said:
“The recent personal data breaches are a reminder that data protection is, first and foremost, about people. We have seen both the immediate and ongoing impact that the release of such sensitive personal information has had on the individuals and families involved, and that is why I have taken this action.
“It is imperative that robust measures are in place to protect personal information. The advice we have issued sets out the bare minimum that public authorities should be doing to protect personal data when responding to information access requests, and to reassure the people they serve, and their staff, that their information is in safe hands.”
How can Nelsons help
Kevin Modiri is a Partner in our expert Dispute Resolution team, specialising in commercial disputes, insolvency, inheritance disputes, data breach claims and defamation claims.
If you have any questions concerning the subjects discussed in this article, please do not hesitate to contact Kevin or another member of the team in Derby, Leicester, or Nottingham on 0800 024 1976 or via our online enquiry form.
Contact usPrevious blogs