Image source: Privacymaven CC BY 4.0 via Wikimedia Commons
Information Commissioner John Edwards has urged local authorities to recognise the real world impact of data breaches and the devastating effects they can have on people’s lives.
He pointed out that local government often deals with highly sensitive personal data – ranging from medical histories to private addresses – and faces unique data protection challenges.
It consistently ranks as one of the top areas for reported data breaches, with nearly 1 in 10 reports originating from the sector. Many of these incidents result from human error, lack of proper security measures, or outdated systems that are not equipped to handle modern data protection requirements.
Edwards said: “We trust local government with some of the most sensitive personal information imaginable, yet they remain one of the leading sources of data breaches.
“This is not just an admin error – it is about people. When data is mishandled, it can have serious and long-lasting consequences, particularly for people in vulnerable situations. We need local government to do better.”
Widespread impact
Figures revealed by the Information Commissioner’s Office (ICO) show nearly 30 million people in the UK have experienced a data breach. In total, 55% of UK adults reported having had their data lost or stolen, with 30% of them experiencing emotional distress as a result.
Yet 25% said they received no support from the organisations responsible and 32% found out through the media rather than from the organisation itself.
Qualitative research conducted by the ICO also revealed experiences of people having to move homes, feeling forced out of their jobs and facing discrimination as a result of data breaches they had experienced. People told the ICO they felt the real impact on their life was insufficiently recognised by the organisation responsible.
In a blogpost published alongside the figures, Edwards said people in vulnerable situations – such as survivors of domestic abuse and those living with long term health conditions – are often disproportionately affected by such breaches. These people may already be in precarious situations, and the unauthorised disclosure of their personal data can heighten the risks they face.
This may be particularly the case when data breaches occur at a local government level, due to the sensitivities of the information these organisations hold.
Empathy and action
Edwards said: “There are two important things I need organisations to understand: empathy and action.
“You have a role to stop the negative ripple effect in someone’s life from spreading further. It is vitally important to acknowledge what has happened, be human in your response and commit to making sure it doesn’t happen again.”
The ICO said it is committed to working alongside local government to help them improve data protection practices and has published new guidance.
Research was conducted by Savanta on behalf of the ICO, questioning 5,533 members of the UK public in January and February of this year.
