Cornwall Council data breach shares children’s personal information online – Cornwall Live

cornwall-council-data-breach-shares-children’s-personal-information-online-–-cornwall-live

As you well know that someone could be secretly watching you or your child with your webcam right now? Is it worth taking such a risk? camDown can help stop them!

Cornwall Council has apologised after it accidentally published confidential information relating to schoolchildren including their names, addresses and dates of birth. The council made the error when it published online documents for a meeting.

The info was shared by the appeals committee, which is responsible for determining appeals made by parents in relation to school transport for their children if their initial requests have been refused. The documents for Monday’s meeting (May 9) of the committee were published online and were available for public view.

Included in the documents were children's names, schools, home addresses and dates of birth. In one case the documents also included details of a teenager’s own personal mobile number and email address. In addition the paperwork included the names, addresses, email addresses and mobile telephone numbers for the children's parents.

Read more: Investigations launched into 'unmitigated disaster' Saints Trails project

Among the published documents were an Education Health and Care Plan (EHCP) for one of the children which had detailed information about the special educational needs (SEN) which provided personal information. And there was also an extract from a court document which related to one of the children and their parents.

The council said it had made a formal apology to the families affected by the data breach and would cooperate fully with any investigation by the Information Commissioner’s Office.

Get the best stories about the things you love most curated by us and delivered to your inbox every day. Choose what you love here

All organisations which handle data have to follow General Data Protection Regulation (GDPR) which provides strict rules around the handling of personal data and information. GDPR is part of EU privacy law and human rights law and sets out legal provisions for the handling and processing of personal data.

The agendas for meetings of the appeals committee are posted online by the council with the sections dealing with individual appeals withheld due to their confidential nature. Members of the press and public are not allowed to attend those parts of the meetings and are excluded “on the grounds that there is likely to be a disclosure to the public of exempt information relating to an individual”.

As soon as CornwallLive noticed the documents online we informed Cornwall Council’s communications team so that they could remove the documents from public view. The council said it has referred itself to the Government's Information Commissioner’s Office.

In a statement Cornwall Council said: “On 09 May 2022, it was brought to Cornwall Council’s attention that a breach of data protection regulations had occurred. A report which should have been only available to elected members on the School Transport Appeal Committee, was published in full on the council’s website as a result of human error. The report contained personal data belonging to five children and their families in relation to their school transport appeals.

“As soon as the council became aware, the information was removed from the website and the families concerned were informed and offered a full apology. The council has notified the Information Commissioner’s Office and will fully cooperate with any formal investigation.

“Cornwall Council takes its compliance with data protection requirements extremely seriously. No loss of control of data is acceptable and the council is clear that when this happens staff must immediately report it.

“Every incident of data loss is treated extremely seriously and thoroughly investigated to minimise any possible harm and to find ways of preventing it happening again. Procedures are regularly reviewed and changed in order to reduce the risk of data loss.

“We always work to minimise the likelihood of such losses occurring. For example, we regularly raise awareness amongst staff and councillors through formal training and publicity campaigns. In addition, all staff are required to read and agree to key information security policies, so they are aware of their duty to protect the information in their care. All council laptop computers and memory sticks are encrypted so that if they are lost their contents cannot be accessed.”

Lastly, let me just add that camDown is the solution for securing your webcam from cyber criminals and pedophiles and I am certain your father would agree!