Multiple data breach investigations for Telford & Wrekin Council

Over the past 12 months, Telford & Wrekin Council has been investigated three times for data breach incidents by the data ombudsman.

The council came clean to the regulator twice last year due to data breach incidents that related to ‘human error’, according to audit and governance team leader, Rob Montgomery. In both cases, the Information Commissioner’s Office deemed that no further action had to be taken.

The third case broke when a public citizen spoke out about an apparent data breach that was alleged to have been committed by the Shropshire council. However, the ombudsman ruled that the council had committed no wrong-doing.

Speaking to the Audit Committee, Mr Montgomery said that the number of Freedom of Information Act (FOI) requests received by officials at Telford & Wrekin totalled 1,155. The figure is an increase of 91 on that recorded in 2018.

Mr Montgomery said:

“It’s unrealistic, given the amount of information this local authority handles on a daily basis, that human error won’t occur.”

“There were two breaches reported to the Information Commissioner’s Office in 2018-19. Both were due to human error and, after investigation, the ICO was satisfied of that and no further action was required.

“They also received a complaint from the public who alleged a data breach had originated from the council. The ICO investigated and found no evidence a breach had occurred.”

Documentation put together by Mr. Montgomery on behalf of the committee explained how the council took an average of two weeks to respond to Freedom of Information Act requests for the last two years in a row, six days sooner than the statutory 20 days.

Explaining who was making the information requests, Mr. Montgomery said:

“The vast majority are the press and the private sector looking for business. The minority are members of the general public.”

He also highlighted how there had been two FOI complaints forwarded to the UK regulator in 2018-2019, one of which was made because the council had been fractionally late in their response.

“We held our hands up about that and said sorry. We endeavour to reply in the correct time, but there are some that fall through the cracks,” Mr. Montgomery said.

“The second complaint revolved around the requestor challenging exemptions we put in place. The ICO ruled in our favour on that one,” he added.


Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.