Data breach investigation into Highland Council concludes

data breach

Staff at Highland Council are being taken through new security protocols following a major data breach.

The data breach occurred when eight pages of social work documentation were thrown out among general waste and left outside Highland Council HQ in Inverness. Some of the discarded information covered details on nearly 30 children.

One element of the fallout has seen workers at the Council being given lessons on how to deal with and dispose of confidential material in line with data protection legislation standards.

In the aftermath of the data breach, an investigation was launched by Scotland’s biggest local authority, Highland Council, on May 14th 2019. The Information Commissioner’s Office was also informed, and subsequently opened its own official exploration of the incident.

Now that the Council’s investigations have drawn to a close, officials say they are implementing new measures to see to it that a data breach of this nature and size does not happen again. Official staff training is ongoing, while the bins in question have been taken to a secure zone.

A spokeswoman for Highland Council said:

“The investigation is complete and will be reported to the chief executive in due course.

“The breach was reported by The Highland Council to the Information Commissioner’s Office (ICO) on 16th May 2019. The original copies of the information were retrieved and there is no longer any risk to the privacy of the individuals named in the documents.

“We have reviewed the location of a number of bins at headquarters and ensured that all bins throughout the building have appropriate labels. All Highland Council staff have been reminded regarding the advice and guidance for dealing with confidential waste and further reminders will be issued in future.”

The documentation contained minutes taken at a closed panel within Highland Council; they were initially found by a member of the public who was looking into allegations of fly-tipping at the time.

The documents held full names, birth dates and case numbers of 28 youngsters, one of whom was eight months old. The papers were discovered laying on the floor in the vicinity of black bin bags that had been ripped open.

At the time the news broke, MSP Rhoda Grant said the data breach was “shocking and inexcusable”, and has reiterated her hopes that such an incident never happens again.

“I think we should all be thankful to the individual who reported this incident so that these documents could be retrieved and this issue could be investigated. Given the quantity of personal information Highland Council holds throughout the organisation, they should have a robust system in place so that such an incident could never happen,” she said.

“This obviously wasn’t the case in this instance however, it’s reassuring that they took the issue seriously and I hope I never hear of such an incident within Highland Council again,” she added.

Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.