Lancashire County Council breached data protection rules on almost a hundred occasions in the space of three months.
The figures, presented to a recent meeting of the authority’s internal scrutiny committee, have prompted county hall to add data handling to its list of risks to the council’s finances and reputation.
There were a total of 98 breaches between April and June this year – seven of which were referred to the Information Commissioner’s Office (ICO), which investigates complaints about how personal data is used by the organisations which hold it.
The period covers the introduction of new European-wide legislation, the General Data Protection Regulations, which have introduced tougher rules, including the requirement to obtain consent from individuals about how their data is used.
The ICO has the power to fine local authorities over £17m for the most serious incidents, but no penalties have been issued in relation to the cases reported in Lancashire.
The county council says staff have undergone training about their responsibilities and that more recent, as yet unpublished, statistics show that the number of breaches is falling.
The authority’s risk register outlines a plan to prevent the “unlawful disclosure of personal or commercial data, caused by a deliberate, accidental or technical breach”. The most serious incidents will now count as gross misconduct by any council employee found to be responsible.
A spokesperson for Lancashire County Council said: “We deal with thousands of items of personal and commercial data every day and ensuring this information is handled correctly is extremely important to the council.
“We have a policy where data breaches are reported and investigated by the council, and if required reported to the Information Commissioner’s Office to be considered further.
“With the introduction of new data protection legislation earlier this year, staff have completed information governance training and we have raised awareness of the importance of the issue through campaigns.
“As a consequence of this we have seen an increase in the number of reported incidents. However, between July and September, the number of incidents reported to the ICO has fallen from seven to two.
“To help reduce future incidents the council is introducing a new training course for staff who have been responsible for any breaches.”