Essex County Council 'sensitive' data found in building
- 10 October 2012
- From the section Essex
An investigation is under way into how "sensitive" information belonging to Essex County Council ended up in a disused building.
The security breach was one of three "recent" episodes at the Conservative-run council.
The Information Commissioner's Office has confirmed it is investigating the breaches.
The county council said security breaches were "rare", but would not comment further on the building case.
According to minutes of the council's community and older people policy and scrutiny committee, there have been "three recent information security breaches".
David Wilde, the council's chief information officer, told the meeting two breaches were "committed by a former and current employee" and the third involved the "discovery of sensitive Essex County Council information in a disused building".
He is reported as saying the incidents had "been a good test" of the authority's procedures.
Liberal Democrat opposition leader Michael Mackrory said: "I have grave concerns that this had been allowed to happen in an age when we have such tight security.
"I think those concerns will remain even if we have an explanation," Mr Mackrory said.
"We need to have absolutely watertight procedures in place."
Mr Mackrory said he had been told "a full investigation" would take place had heard nothing more since.
BBC News asked the council for details as to when each incident occurred, where and what type of information was involved.
The council has refused to provide details about the files discovered in the disused building saying an investigation was "ongoing".
However, a council spokesman did say the other two incidents involved a "member of staff erroneously" sending a "spreadsheet to 40 volunteers containing their own personal details" and the third involved details of 400 people ending up in the hands of an ex-employee.
A spokesman for the Information Commissioner's Office (ICO), an independent authority set up to oversee data and information issues, said: "I can confirm that we are still making inquiries into the two cases relating to a former member of staff and the discovery of files in a disused building."
Figures released by the ICO reveal there were 821 reported data breaches in the UK in 2011-12, compared with 79 in 2007-08.
The ICO said the increase in cases demonstrated organisations were better at reporting breaches as a result of increased awareness of the legal requirements to keep people's data secure.
Fines of up to £500,000 can be imposed on organisations which lose information through negligence.