ICO Reveals Latest City Council Data Breach – Training Is Not Enough To Prevent Breaches

The Information Commissioner’s Office (ICO) has released a new report into a data breach by Wolverhampton City Council in which the payroll of almost 10,000 people was accidentally sent to an external recipient. Justine Cross, regional director at Watchful Software.

Justine Cross, Regional Director at Watchful Software:

“The ICO’s latest report following a breach at Wolverhampton City Council demonstrates that local authorities and other organisations need to shift their data handling policies beyond training. Emailing the wrong recipient is the most common digital cause of data security incidents reported to the ICO, and even a well-trained, vigilant employee can make that split-second mistake.

“While regular data handling training should be standard, organisations can prevent these breaches by protecting all sensitive data directly. All files on the network should be classified by order of sensitivity, and confidential information such as payroll data can then be restricted to specific clearance levels, or marked as “internal use only” so that it cannot leave the network at all. Classified files are encrypted and can only be opened by authorised users, rendering them useless to anyone else. This means that even if an accident does happen, the data is kept safe and no breach will occur.

“Local authorities are particularly prone to data breaches, and are behind only the healthcare sector in the number of incidents reported to the ICO. However, private sector organisations should take note and consider how much of their own data is likely to be sent to the wrong recipient on a regular basis.”