The Welsh government has been reported to have broken data protection laws at least 300 times in less than three years. 

According to a report by the BBC, documents that have been breached include "personal sensitive data" as well as criminal allegations. Only 11 of the 300 data breaches have been reported to the UK data watchdog. 

The Welsh government has since assured that the data breaches have already been acted upon. 

Welsh Government Broke Data Protection Laws

The Welsh government has broken data protection laws over 300 times since 2019, per a BBC report. 

According to the BBC, some of these data breaches involved a supposedly secure government website. 

The Welsh government has since assured that it "takes data protection obligations seriously and carries out an internal reporting process."

Which Documents are Affected?

Data Breach
(Photo : cottonbro from Pexels)

Of the 300 data breaches, 11 have been reported to the Information Commissioner's Office (ICO). The ICO is considered the UK's data watchdog. The data breaches that have been reported to the ICO include:

  • An April 2021 care home inspection report that contains sensitive personal data published on the Care Inspectorate Wales website.

  • A March 2021 safeguarding inquiries court report containing personal data that was emailed to the wrong service users.

  • "Personal sensitive data that also included criminal allegations" that were published on August and September 2019 on the Planning Inspectorate's appeals casework portal. 

According to the BBC report, the subject of the data of three of the 11 cases reported to the ICO was offered fraud prevention protection. The details were then flagged in the National Fraud Database so that companies can see that the person "is at risk of impersonation and take extra steps to ensure they are protected."

Per the ICO, if you think that you are a victim of a data breach, you must first contact the organization involved first. If the victim is not satisfied with the handling of the matter, then he or she may come to the ICO. 

"The organisation must assess the seriousness of the incident and whether it poses any risk to the rights and freedoms of people. If they decide not to report it, they must be able to say why," said the ICO, as quoted in the BBC report. 

Related Article: Worried About Privacy Breaches? Here Are Cybersecurity Tips To Lock Out Intruders

Welsh Government Takes Action Against Data Breaches 

According to the BBC report, 33 staff members of the Welsh government have been "referred to the human resources department, with disciplinary action or the 'underperformance procedure' used with some." Informal action has been taken against other staff members.

Sixty staff members were also made to repeat data protection training, while some were asked to turn off the auto-fill option in their Outlook emails. 

"Desk instructions, relevant policy documents and guidelines have been reviewed and updated" by the Welsh government, which employs around 5,500 full-time staff. 

Also Read: How To Prevent Data Breaches In The Cloud

This article is owned by Tech Times

Written by Isabella James

ⓒ 2021 All rights reserved. Do not reproduce without permission.