Council's data breaches at lowest level for years

BBC The entrance of Sunderland City Council headquarters. The sign above the glass fronted building reads "city hall".BBC
Sunderland City Council's mistakes include using incorrect email and postal addresses

The number of data breaches at a council has fallen to its lowest level since it started keeping official records, but staff have been told bad habits have increased the risk of errors.

Sunderland City councillors have been told mistakes, such as using incorrect email and postal addresses, led to issues when handling residents' data.

Data protection officer Nick Humphreys said there were 58 breaches during 2023-24 but none were serious enough to be reported to the Information Commissioner’s Office (ICO).

In comparison, there were 61 breaches in 2022-23 and four were reported to the ICO.

Nick Humphreys, the council's data protection officer, said errors had decreased last year after management cracked down on staff using old letters as templates.

But he warned mistakes began to occur again "towards the end of the year".

To reduce breaches, staff have been told to use clean templates for all new documents and are required to encrypt emails containing high-risk or personal information, according to the Local Democracy Reporting Service.

Council workers involved in incidents have also undergone refresher training, while some of the council's processes have been changed to make them more secure.

Reports detailing the council's data protection breaches have been published since 2019, the year after the General Data Protection Regulation (GDPR) came into force.

Follow BBC Sunderland on X (formerly Twitter), Facebook and Instagram. Send your story ideas to [email protected].