Friday, 28 April 2017

On 00:09 by admin   No comments
A SERIOUS data security breach at Gloucestershire County Council (GCC) has allowed highly sensitive information to be released to the public.
Much of the information relates to personal, medical details of vulnerable adults.
GCC were notified of the data breach on April 3 but three weeks later, the sensitive documents remain available.
Rachel Smith, Green Party County Council Candidate for Minchinhampton Division, discovered the data breach whilst researching social care procedures and funding.
She said: “I was completely shocked when I found myself reading such detailed information about vulnerable adults.
“The documents were there online for anyone to take a look at, and whilst the names were reduced to initials, the information was detailed and sufficient to make the people they related to identifiable.
“As soon as I realised what I was reading I immediately contacted GCC to alert them to what was clearly an error.
“As an allied health professional myself, if I released data in that way I would likely be suspended from my profession.”
The council regularly arranges residential and non-residential care for people with physical disabilities, learning disabilities or mental health needs.
It has been using the ProContract and Malinko platforms to post notices when urgent care is needed - intended to locate approved providers.
GCC have released a statement apologising for the breach.
Pete Bungard, chief executive of GCC, said: “Information relating to a small number of service users was published on a specialist procurement website for providers wishing to offer support.
We were made aware on April 3 and took immediate action to remove the information.
“We take the security of personal information extremely seriously and I sincerely apologise for this error.
“I can reassure our service users that full names, financial information, dates of births and contact details were not released.
“Staff have had immediate retraining and an internal investigation is being carried out.”
After repeated emails and calls to the council requesting an investigation into the breach, the pages on the contracting portal were disabled.
GCC are working hard behind the scenes to make sure the information is removed.
A spokesperson said: "Sometimes google and personal devices keep a record of sites people have visited and information accessed.
"We are working with these procurement sites and search engines to do all we can to have this information removed."


Post a comment