Monday 15th April 2024,
North Yorks Enquirer
Spotlight

NYCC/CYPS: Serious Data Breach Leaves Kids Vulnerable

May 31, 2016 North Yorkshire County Council

NYCC/CYPS: Serious Data Breach Leaves Kids Vulnerable

  • an “In My View” article by NIGEL WARD, reporting on a serious breach of personal data on the part of Pete DWYER’s Children & Young Peoples’ Services department at NYCC.

~~~~~

On 15th April 2016, I emailed NYCC’s Asst. CEO: Legal & Democratic Services and Monitoring Officer Barry KHAN to inform him of a very serious breach of the Data Protection Act 1998 on the part of Children & Young People’s’ Services at the Council, for whom ultimate responsibility resides with the Corporate Director, Pete DWYER.

In a PDF document publish on the NYCC website, the necessary redaction of the names and personal data of members of the public, including children and young people under the age of 18, had proved to be fatally flawed, leaving data easily accessible to internet-users.

This was particularly disturbing because many school children have a presence on social-media – Facebook, Google+, Pinterest, Tumblr, WhatsApp, etc – showing not only their images (as profile pics) but also those of other members of their friendship circles, and often a general narrative of their recent activities, likes/dislikes, favourite meeting-places, etc.

Clearly, this stood to render them and their friends open to targeting by predatory ‘groomers’ who trawl the social-media sites in search of potential victims for sexual abuse.

In the wider context of the reports of inappropriate conduct taking place between teachers and students, this data breach must be viewed very seriously indeed.

To his credit, Barry KHAN arranged for the immediate withdrawal from publication of the inadequately redacted document, thanking me for my assistance in drawing to his attention the exact nature of the technical error.

Only today, 31st May 2016, has NYCC’s Paul ATKINSON confirmed, on behalf of the Council’s Information Governance Manager (identity unknown), that NYCC has since complied with the regulations by reporting itself and the above-mentioned data breach to the Information Commissioner’s Office. I have asked Paul ATKINSON for a copy of the report and any follow-up correspondence between NYCC and the ICO; nothing is thus far forthcoming.

It is not known what has happened to copies of the PDF document sent out by CYPS in email correspondence. One suspects that such copies are now beyond recall, leaving children and young people permanently vulnerable.

Hard-copy documentation bearing the printed URL-link to the document now, of course, directs users to a properly redacted version at the same web-location.

I am awaiting the Council’s response to my Freedom of Information request of 12th May 2016, requesting the following information in an attempt to elicit how many such flawed redactions have emanated from the Council this year alone:

  • A) For the calendar months January, February, March & April 2016, how many PDF documents did the Council publish into the public domain – either by way of download-URL links on the Council’s website, or by attachment to outgoing emails? 
  • B) Of those, how many contained redactions
  • C) Of those, how many were redacted using the procedure that I have demonstrated to be useless?

It would be a very serious matter indeed if the Council were to be shown to have ‘leaked’ personal data on a routine basis as a result of similar acts of technical or administrative incompetence, either within Pete DWYER’s own department or elsewhere in the Council.

So now that the Council has complied with its statutory duty to report the data breaches, will the ICO recommend that the Council issues a public announcement (or apology, even), in the interests of the ‘victims’ of their incompetence as well as those of the wider public?

We shall see.

ICO_Data_Breach_Guidance

Meanwhile, I hope that Pete DWYER and his colleagues can be relied upon to produce an exhaustive and truthful disclosure of the information that I have requested.

I have collated other documents that have been inadequately redacted by the same method.

So the ‘powers that be’ risk being exposed as deeply dishonest if their FOIA response does not include the examples which I already hold . . .

More from the North Yorks Enquirer

Comments are closed.

Recent Posts

Accountability: NYC & WTC

April 12, 2024

Missing: Chiefs’ £120K – NYE Proscribed Again

April 10, 2024

Police 7: Community Policing – late March ’24

March 27, 2024

NYP Appeal: Missing Whitby Man

March 23, 2024

WTC: Annual Assembly 25/03/24

March 22, 2024

Emma Caldwell Scandal: A Follow-Up

March 18, 2024

The Emma Caldwell Scandal and NYP

March 10, 2024

Dredging the WTC Harbour Committee

March 1, 2024

“The ‘Last Chance’ Saloon”

February 26, 2024

Book Reviews: “Inside the Mind of the Yorkshire Ripper”

February 20, 2024

NY Enquirer in the National Press

NY Enquirer in the Regional Press

NY Enquirer in Private Eye

NY Enquirer on YouTube

North Yorks Enquirer Archives

About The Enquirer

The North Yorks Enquirer is an internet news magazine covering local, regional and some national news. It provides a forum for citizen journalists working in the public interest to expose wasteful spending, malpractice and corruption in authorities around North Yorkshire and beyond.

Contact The Enquirer

Do you have a story you want to share?

Send it to news@nyenquirer.uk

Complaints

Letters To The Editor

Please include your name and town.

Not all submissions will be published.

Send it to letters@nyenquirer.uk

Disclaimer

North Yorks Enquirer