ICO to investigate Essex County Council data breach

A data breach at Essex County Council, which has exposed up to 400 vulnerable people to identity theft, is to be investigated by the Information Commissioner's Office (ICO).

The security lapse, by a council employee, involved the names, addresses and financial information of people in the council's Adults Health and Community Wellbeing department being sent to a computer outside of the premises, according to local news website This Is Total Essex.

In a statement sent to Computing, Essex County Council admitted that there had been a breach but tried to downplay the likelihood of identity theft occurring as result of the lapse.

"While we are unable to give specific details we can confirm that the investigation centres on an ex-employee who breached our information security policy. Whilst the ex-employee had signed a declaration stating they had deleted the information and not shared it with anyone, it is our duty to inform service users that their information has been compromised," the statement said.

"We do not believe there is malicious intent behind this incorrect use of data. The information involved is such that (the risk of) identity theft is minimal," the council added.

Essex County Council has tried to reassure its service users and customers that the breach was an "extremely rare" incident while stating that it trains its staff on governance, information handling and security policies and procedures.

Meanwhile, the ICO has confirmed to Computing that the data breach will be investigated.

"We have recently been made aware of a possible data breach which may involve Essex County Council," an ICO spokesperson said.

"We will be making enquiries into the circumstances of the alleged breach of the Data Protection Act before deciding what action, if any, needs to be taken," he added.