The UK Government's Information Commissioner's Office (ICO) has revealed it has handed out £2 million in monetary penalties since given the power to do so in mid-2010.
Reflecting on 2012, the UK information commissioner Christopher Graham said that nineteen councils failing to have the most straightforward of procedures in place shows that ‘there is an underlying problem with data protection in local government'.
“It would be far too easy to consider these breaches as simple human error," he said. "The reality is that they are caused by councils treating sensitive personal data in the same routine way they would deal with more general correspondence.
“Far too often in these cases, the councils do not appear to have acknowledged that the data they are handling is about real people, and often the more vulnerable members of society.
“The distress that these incidents would have caused to the people involved is obvious. The penalties we have issued will be of little solace to them, but we do hope it will stop other people having to endure similar distress by sending out a clear message that this type of approach to personal data will not be tolerated.”
Graham said that it will be meeting with stakeholders from across the sector to discuss how the ICO can support them in addressing those problems.
Speaking to SC Magazine earlier this year, Graham said that one problem with local authorities, councils and government is that staff are dealing with personal information which is often sensitive; and that staff have to be made aware that they are dealing with people and not just numbers.
ICO's principal technology policy adviser Dr Simon Rice said that the 19 monetary penalties issued to businesses was ‘19 too many' and issuing finest was ‘not something that the office enjoys doing and it does not represent everything that we do'.
David Smith, deputy commissioner and director for data protection at the ICO, said that the office was pressing for ‘power of custodial sentence', primarily for sentences that were 'punishing for not doing things properly'.
Asked if there was a timeline for custodial sentences to be introduced, Smith said there was not but said it was something the ICO had been pressing for a long time.
“The government have resisted for several reasons, such as they do not believe in creating more and more crimes that can carry prison sentences, also Leveson is looking at this following the actions of journalists, so let's wait for his report,” he said.
The ICO also said that it is pressing the Ministry of Justice for stronger powers to audit local councils' data protection compliance, if necessary without consent. The same powers are sought for NHS bodies across the UK following a series of data protection breaches in the health sector.