CONFIDENTIAL information stored on a Swindon Council computer hard drive has been bought for a nominal fee over the web, as part of a university investigation.
And now the Information Commissioner is considering an investigation into the council’s data processing techniques .
The discovered data includes secret council employee salary information, private email correspondence, personal information about corporate and residential planning applications and confidential council computer system details.
The Information Commissioner’s Office (ICO) yesterday confirmed it was currently reviewing the contents of a University of Glamorgan investigation which saw a professor buy the breached information for between £5 and £10 on eBay.
It is expected the ICO will soon announce whether it will go ahead with its investigation.
Professor Andrew Blyth, from the Welsh university, said the BT-funded report shows disposal services are not working.
He said: “This is the first council we have had since starting the project four years ago.
“The processing of very personal information needs to be stored in a safe way. it is clear that the disposal services are not working for this to come out.
“The council can fix the problem, what they need to do is when they dispose of the instruments they must ensure the information is wiped from the hard drive and they need to check that it is actually happening.
“The disposal services need to be reviewed, the information has to be put beyond use so that no one can use it.
“If the details of a planning application are made available in this way and someone wants to steal your identity this would create a part of the package to do so and be a good head start.
“If the information commissioner investigates, he has the power to stop certain people in the council from processing data in the future.“ The computer forensic expert added some of the other information uncovered included data from Ford Motor Company on its plans for its new KA model vehicle and Laura Ashley.
Michael Wills, the minister for data protection and North Swindon MP, said the potential breach of data protection rules by the council was a very serious matter.
He said: “Swindon Borough Council clearly have questions to answer. I understand the information commissioner is looking at this now and I am sure that he will want to be reassured that the council will put new checks in place to ensure that this doesn’t happen again. As data protection minister, I take all such breaches of data security very seriously. As North Swindon MP I know my constituents will want reassurance from the council that they will do everything possible to prevent such breaches happening in the future.
“Every time such a breach takes place it reinforces the need for everyone in the public and private sector to take data protection more seriously.”
Bob Cretchley, Unison branch secretary, said: “Obviously if there is any personal information about employees that has escaped it’s a matter of great concern.
“I wouldn’t want to see any private information getting into the public domain. General salaries are in the public domain sometimes like local government pay rates, but people’s secret information is not acceptable. In terms of whether it is an increasing trend people can draw their own conclusions by what has been in the press of late.”
Council will investigate
SWINDON Council said it will be contacting the university in order to investigate how the information escaped.
A spokesman said: “No computers disposed of by Swindon Borough Council have any information on their hard drives – they are all professionally wiped clean and the data they contained is effectively irrecoverable except in some circumstances to forensic experts.
“Since late 2007, all council laptop computers have been encrypted, which makes the information on them extremely difficult to recover by an unauthorised user, and again when these are disposed of they are wiped clean.
“For the information on this particular disk to have survived suggests that it’s on an older computer which hasn’t been used on the council’s network for some time.
“All information about planning applications, when processed within the council, is treated as information which is potentially available to the public.
“While we haven’t had chance to see what data was contained on this particular disc, if staff have followed our guidelines the planning information it contained should not be confidential.
“That said, we clearly want to investigate how this information has escaped and we will contact the university to obtain more details.”
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules hereLast Updated:
Report this comment Cancel