SENSITIVE personal information held by Southampton City Council have been ‘breached’ more than 50 times, the Daily Echo can exclusively reveal.

Some of the incidents, which happened over a three-year period between 2011 and 2014, were so serious that they saw internal investigations five times, and one breach even saw an ex-council employee successfully prosecuted.

The data about the breaches comes from a study by privacy campaign group Big Brother Watch which revealed local authorities recorded a total of 4,236 data breaches in three years from April 2011 – a rate of almost four every day.

One of the 53 cases at the council saw an ex-staff member prosecuted after ‘highly sensitive’ data was transferred to his personal e-mail account. This resulted in the ex-employee being taken to court by the Information Commissioner’s Office (ICO).

As reported by the Daily Echo at the time, leisure users in Southampton also had their files breached when a temporary council worker accessed their files and sent them a marketing letter on behalf of a private company, for which he was suspended and then asked to leave.

Other leaks include disclosure of sensitive information by a staff member, information shared incorrectly with third parties and information wrongly posted on the internet.

It was also revealed how a laptop, mobile and memory stick containing council files, was stolen from a depot in Shirley, but no disciplinary action took place despite the police being notified. Big Brother Watch is now calling for a policy change to prevent and deter data breaches.

Director Emma Carr, said: “Despite local councils being trusted with increasing amounts of our personal data, this report highlights that they are simply not able to say it is safe with them. A number of examples show shockingly lax attitudes to protecting confidential information. For so many children and young people to have had their personal information compromised is deeply disturbing.

Daily Echo:

“With only a tiny fraction of staff being disciplined or dismissed, this raises the question of how seriously local councils take protecting the privacy of the public Far more could be done to prevent and deter data breaches from occurring. Better training, reporting procedures and harsher penalties available for the most serious of data breaches, including criminal records and custodial sentences are all required.

“Until we see these policies implemented, the public will simply not be able to trust local councils with their data.

Richard Ivory, Head of Legal and Democratic Services at Southampton City Council said: "We have a legal, moral and ethical duty to properly take care of people’s personal information. As an organisation which processes thousands of pieces of sensitive information every day, we take that responsibility very seriously indeed. Mistakes can happen, and in some rare instances, as highlighted in the report, we or our partners fell short of the standards expected of us.

"We try to minimise the risks of data being lost or misplaced as far as possible by having appropriate measures in place to safeguard personal information, including having data protection policies in place, providing training for all staff who handle personal information, as well and raising awareness of our responsibilities across the council."

"The council has a robust investigation process in place for when data breaches are identified or reported and takes appropriate remediation, disciplinary or other action as appropriate on a case by case basis.

"The council has an excellent track record of working with the Information Commissioner to improve data handling and information security within the council and across its partner organisations generally and proactively works to improve information governance organisationally through commitment at the highest levels."