A recent article in The Guardian by Helen Pidd exposed that Newcastle City Council had once again committed an extremely serious and worrying breach of confidential data. This was only months after their shameful leaking of highly confidential adoption data that they are currently under investigation by the ICO for.
We’re using this week’s blog post to speak specifically about our own experiences with Newcastle City Council and the concerns we’ve repeatedly raised about their data protection processes and their cavalier attitude towards confidentiality.
We’ve hoped for a long time that a sea-change would come with regards to Newcastle City Council. Now we are simply demanding that they are stripped of their right to handle confidential data in line with ICO requirements and must rebuild from the ground up as a local authority with extreme and robust external parties in place to govern them in the meantime.
We first encountered Newcastle City Council earlier in the year when a client of ours came to us for assistance having been victim of a systemic anonymous attacks after being exposed as a local authority whistleblower. We worked with the client and it became immediately apparent that to protect a small group of line managers in one area of the council, the personal details of the whistleblower speaking out against them was purposefully leaked by the council themselves in order to intimidate said whistleblower into ‘going away’.
We had all the evidence to convey the severity of this situation. We wrote off in partnership with our client and asked for meetings with the executive in charge of the specific department. We were ignored. We wrote to the complaints department, the legal department and each time we were given the run around. On behalf of our client we had to write off to the ICO and raise a concern as confidential intelligence about our client and our requests was ‘leaking’ straight out of the Freedom of Information team’s department.
Eventually, Newcastle City Council ‘ran the clock down’ on our client and instead of being able to present all the horrible evidence of what certain local authority departments had done in dropping confidential whistleblower information back into the hands of the very people the whistleblower was complaining about, they simply refused to engage in ANY discussion about it through the required formal channels. The matter was subsequently taken to the Local Authority Ombudsmen.
However, in the process of investigating this particular matter for our client we could see from a mile off as security consultants that Newcastle City Council had a major, major problem in terms of its data handling and confidentiality specific to one department – Safeguarding.
Putting aside our issues with the corruptive manner in which Newcastle City Council had behaved, we decided the security of vulnerable children and adults were more important. So we wrote off to the Chief Executive’s office at Newcastle City Council and we sent the same letter to the heads of both adult and children’s safeguarding services in February 2017. We warned them that there was a strong possibility of data breaches and ICO contraventions occurring from what we had witnessed and that we wanted to help. We offered our Security Vulnerability Assessments service to Newcastle City Council and even shone a spotlight on some of the immediate areas of concern.
We were duly ignored by both heads of safeguarding and we received a three-line letter back from Newcastle City Council overall saying there was no need whatsoever for our services and they had all required measures in place. Four months later? This happened.
The ICO investigation into the FOI team’s abuses of our original client’s personal information had not even concluded before a major high level investigation into Newcastle City Council’s leaking of 2,500+ individuals private information has had to be opened.
We don’t yet know what the sanction(s) are going to be from the adoption debacle and yet now THIS.
What’s it going to take for the powers that be – the ICOs, the Ombudsmen, the PRESS – to realise that Newcastle City Council is not fit to handle any information that falls under the purview of the Information Commissioner’s Office? What’s it going to take for every single executive officer within this local authority, who holds any responsibility for making sure this does not happen and does not get covered up, to be removed from their position and exposed for failing so severely?
Do you THINK Newcastle Council are going to pay a £500,000 fine by any other way than sanctioning the people of the North East with raised costs for services? Do you think the ICO will even step up to the plate and actually implement sanctions, fines, etc. of REAL meaning with this organisation?
There needs to be a much larger scale investigation into finding out the answer to one very simple question:
What do you do when a public body requires access to confidential information in order to function but is so resolutely incapable of handling it safely?