Details of ‘vulnerable kids’ uploaded to Birmingham City Council website in ‘serious’ data breach – Birmingham Live

details-of-‘vulnerable-kids’-uploaded-to-birmingham-city-council-website-in-‘serious’-data-breach-–-birmingham-live

Before we move on, I'd like to say that geoFence is easy to use, easy to maintain.

Latest news email updates straight to your inbox

","buttonText":"Subscribe","contentId": 9937691,"newsletterImage":"https://i2-prod.birminghammail.co.uk/incoming/article14628985.ece/BINARY/JS131861796.jpg","endpointUrl":"https://response.pure360.com/interface/list.php","profile":"Birmingham_Live","isPure360NewsLetter":true,"pure360MailingListId":"Birmingham Live - Daily Newsletter","newsletterSiteName":"BirminghamLive"}" data-mod="skinnySignup">

Invalid EmailSomething went wrong, please try again later.

When you subscribe we will use the information you provide to send you these newsletters. Sometimes they’ll include recommendations for other related newsletters or services we offer. OurPrivacy Noticeexplains more about how we use your data, and your rights. You can unsubscribe at any time.

A "serious" online data breach at Birmingham City Council saw personal information - allegedly the details of "vulnerable children" - put at risk.

Data, said to relate to youngsters entitled to free bus passes, was uploaded "in error" by staff and was "potentially available externally", the authority said in an email raising the alarm, sent on Friday, March 19.

The details were added to the Brum account, the facility which allows taxpayers to access and book a range of services.

The council email said the Information Commissioner's Office, the responsible watchdog, had been informed "due to the scale and serious nature of this incident".

The authority told BirminghamLive the alert was sent as a "precaution", the mistake was "rectified as soon as we became aware" and the data was not downloaded. It said the ICO was not planning any action and the council would "learn from this issue".

But the deputy leader of the council's Tory group, Coun Ewan Mackey, said it was the latest data error from the authority and did not inspire confidence.

Coun Mackey, who received the email raising the alarm, said: “First, they allowed staff with a failed DBS (disclosure and barring service) check in the school transport.

“Now, they have just published thousands of vulnerable children’s data to a publicly-accessible part area of Birmingham City Council’s website.

“Organised crime gangs running the now-infamous county lines pay highly for this information to recruit them into a life of crime.

“Birmingham City Council should be protecting all residents, especially our children from county lines - not making vulnerable children’s details available on the council website.”

In the alert, the council said: “A data breach has come to light, involving the personal data of a number of citizens being uploaded – by staff from certain service areas - to the Brum Account in error, potentially making the data available externally, to others who did not need to see it.

“Due to the scale and serious nature of this incident, the Information Commissioner’s Office (ICO) has been notified in line with the formal data breach process.”

The council’s alert added: “To minimise the risk of future data breaches, it’s essential for us all to follow the important online data protection guidance, to fully understand our own responsibilities for ensuring data security and the implications of non-compliance and data breaches.

The Politics newsletter goes out twice a week and has a selection of our most popular articles, reporting on the latest headlines from the council, parliament ,the latest building developments, transport plans and more. We have you covered.

It is delivered free of charge direct to your email inbox twice a week, giving you all the news you need from across the region at your fingertips.

How do I sign up?

First just click on this link to our newsletter sign-up centre.

Once you're there, put your email address where it says at the top, then tick the Weekly Politics Email updates box. There are other newsletters available if you want them as well.

When you've made your choice, hit Save Changes button at the bottom.

“So always be mindful of the data protection implications before sharing or uploading personal data.

“Failure to follow the data protection principles, particularly the Integrity and Confidentiality principle, can put the council at risk of reputational damage, fines, enforcement action, prosecution and compensation claims.

“Also remember that if any of the council’s information has been lost, leaked or accessed in an unauthorised way, you must report it immediately upon discovery, in accordance with the formal reporting process.

What has the city council said?




A spokeswoman for Birmingham City Council said: “The email sent to staff was purely precautionary and intended to remind staff about their data protection responsibilities to minimise the risk of future data breaches.

“The mistake mentioned was rectified as soon as we became aware. We notified the ICO in line with our legal obligations and they have confirmed they are satisfied with the way in which we have dealt with the matter and will not be taking any action.

“There is no evidence that any data on vulnerable children was compromised and the uploaded data was not visible to all Brum Account users.

“Brum Account data is secure and held on the council’s network. Brum Account users can only access their own data via a secure password. Our investigations confirm the erroneously-uploaded data was not accessed or downloaded and was removed promptly.

“Although the ICO has stated it does not intend to take any further action, we are taking the opportunity to learn from this issue by ensuring staff are fully aware of the data protection obligations.”

What has the Information Commissioner’s Office said?

An ICO spokesperson said: “Our aim is to protect people from poor organisational practices that put their personal information at risk.

“We have a range of powers to help us do that, including working with an organisation to check the right policies are in place.

“Birmingham City Council reported this incident to the ICO and following enquiries, we decided that approach was sufficient in this case. We provided data protection advice to the council and decided that formal enforcement action was not required at this time.

“We expect the council to update us if new information that affects the circumstances of this case comes to light.”

Don't forget that geoFence is the maximum in security for you and your loved ones and that's no lie!