1. ITV Report

Newcastle City Council confirms a data protection breach

Newcastle City Council confirms a data protection breach Credit: ITV Tyne Tees

Newcastle City Council confirmed a data protection breach has taken place.

On 15 June 2017, an employee in the council's adoption team accidentally attached an internal spreadsheet to emails inviting adoptive parents to the council's annual adoption summer party.

The email and attachment were sent to 77 people.

Watch Kris Jepson @krisjepson's report here:

This attachment contained personal details relating to 2,743 individuals, comprising current and former adoptees, parents and social workers who had been involved with these families.

The spreadsheet included personal information such as names, addresses and the birthdates of the adopted children.

Adoptive father and social worker Al Coates told ITV News many families will be "anxious" tonight.

My concern is for adopters who are probably feeling really anxious that that information has potentially gone into the public domain. Those anxieties, how they work them out, 95 per cent of adoptions are non-consensual, therefore by court order, so there are very, specific reasons why biological families can't parent their children. So people are anxious that people are going to come to their house, come to their door and they'll want reassurance that that isn't going to happen.

– Al Coates, Adoptive Dad

In a statement the council said it was "... deeply concerned to learn of this breach."

A thorough investigation was carried out into how this happened. A series of measures have been put in place to contain the breach, minimise potential distress to those affected and ensure that such breaches cannot happen in the future.

The council apologises for any worry and concern this incident may have caused. We encourage anyone who thinks they may have been affected to get in contact via the dedicated helpline

– Council Statement
Newcastle City Council confirms a data protection breach Credit: ITV Tyne Tees

These measures include:

  • Contacting the 77 people who were sent the email requesting they delete the information to avoid it circulating further
  • Putting in place a process to contact as many of those affected as possible by phone and letter
  • Setting up a helpline and related counselling services to assist anyone with concerns
  • Informing relevant regulators
  • Commencing a review of data protection across the council and running refresher training courses for all staff with access to sensitive information
  • Instigating a broader review of policies to ensure that no such breach can take place in the future.

Director of People, Ewen Weir, said:

I am truly sorry for the distress caused to all those affected. We will work closely with the affected families and individuals to support them at this trying time.

The council takes data protection and confidentiality very seriously and has acted swiftly to understand what happened and who has been affected. This breach appears to have been caused by human error and a failure to follow established procedures. We are conducting a thorough review of our processes to identify what changes we can make to ensure that this never happens again.

– Director of People, Ewen Weir

Cyber security expert, Professor Alastair Irons, from the University of Sunderland told ITV News "sensitive information like that should really be looked after much more carefully, looking at routines if they're going to attach it to an email, to double check that it should be attached to email. For example, the files could be encrypted themselves or even the records could be encrypted on their own so that if they did go out by mistake that nobody can make any sense of them".

Anyone involved with Newcastle’s Adoption Service who has concerns can call the council’s dedicated helpline on 0191 211 5562 for further information.