Council paid out tens of thousands of pounds for data breaches
Ted Peskett, local democracy reporter
One Welsh council has paid out nearly £100,000 in compensation because of data breaches.
The figures, obtained by Data Breach Claims via a freedom of information (FOI) request, show Vale of Glamorgan council paid out £95,000 from April 2021 to March 2024 – the most out of the 12 Welsh councils that returned information on this.
Information on data breaches from 18 out of 22 Welsh councils has been presented by Data Breach Claims, with one council denying the request for information due to security concerns, according to the company.
Other figures from the FOI return show that Vale of Glamorgan Council faced 171 data breaches between April 2021 and March 2024.
Data breach incidents
The number of data breach incidents at the local authority has increased year on year, according to Data Breach Claims.
Figures obtained by them show that 30 incidents were recorded in 2021, increasing to 55 the following year. A further 86 data breach incidents were logged by the council between 2023 and 2024.
However, a number of other Welsh councils faced a higher total number of data breach incidents between April 2021 and March 2024.
These include:
Caerphilly County Borough Council (252)
Flintshire County Council (304)
Neath Port Talbot County Borough Council (267)
Pembrokeshire County Council (597)
Powys County Council (516)
Swansea City and Borough Council (237)
Torfaen County Borough Council (281)
Wrexham County Borough Council (532)
Councils are expected to collect, store, use, share and dispose of personal information or data about individuals, in line with the General Data Protection Regulation (GDPR) and the Data Protection Act (DPA).
According to the ICO (Information Commissioner’s Office), cyber attacks on local authority systems have increased by 24% between 2022 and 2023.
Personal data breaches reported by local authorities, it confirms, have gone up by 58% in the same time period.
Responsibilities
A Vale of Glamorgan spokesperson said: “The council takes data security and its responsibilities under information and data law very seriously.
“An effective internal communications campaign was run in 2023 to ensure staff were reminded of their data security responsibilities and to continue to foster an internal culture of openness in reporting any potential incidents.
“Our reported figures include near misses and low-level breaches that other organisations may not act upon.
“We, however, feel that it is important that we have an accurate assessment of data security in the organisation and are able to learn from all incidents to better protect citizens personal information in the long-term.”
Support our Nation today
For the price of a cup of coffee a month you can help us create an independent, not-for-profit, national news service for the people of Wales, by the people of Wales.
This is also the Council with a £3m bus station in Barry without any buses, plus an Council IT overspend running in to millions.
Yet the Council Leader Lis Burnett, said money is very tight and she has sleep less night worrying how to balance the budget.