Second special educational needs data breach for Central Bedfordshire Council in two months

Central Bedfordshire CouncilCentral Bedfordshire Council
Central Bedfordshire Council
Central Bedfordshire Council is considering extra training options for staff, after a second special educational needs and disabilities (SEND) data breach in two months.

The need for stringent checks continues to be reinforced with its staff by Central Bedfordshire Council, which will examine further support options, it said today (Friday, July 19).

In the latest incident, a parent received a copy of someone else’s education, health and care plan (EHCP) in the post, according to the Central Bedfordshire SEND action group.

Hide Ad
Hide Ad

A list of the names and dates of birth of children with SEND was emailed by CBC to a parent recently. An apology was issued to the parents of the children by the local authority.

The document called ‘Transition Children 14 plus’ listed children aged 14 to 17, their dates of birth and the staff member responsible for their case, said the action group.

CBC could face a significant fine for such a data breach, but not for the latest occurrence, the local authority explained.

A council spokesman said in a statement:‘Unfortunately, one child’s details were sent to the wrong family in the post.

Hide Ad
Hide Ad

“Although it doesn’t meet the threshold for being reported to the information commissioner’s office (ICO), we’ve made contact with those affected and retrieved the information in person.

“We continue to reinforce with our staff the importance of both data protection and appropriate checks and processes.

“We’re considering what further training, support and checks could be implemented to prevent these sorts of errors occurring in the future.”

The action group posted on social media: “We’ve been informed by a parent that they’ve received a hard copy of someone else’s EHCP in the post. The parent is reporting it to CBC and the ICO.”

Hide Ad
Hide Ad

The council said after the data breach earlier this year: “CBC takes its responsibility of looking after people’s personal data extremely seriously, and measures are taken to educate staff on protecting personal and sensitive information.

“This includes compulsory training for all staff at the local authority. Regrettably, some data was accidentally released last month.

“We’ve contacted the parents of all those affected to make them aware and to apologise for the incident.”

A previous CBC data breach was described as a “complete failure of process” when the names of dozens of children with SEND were included in a response to a parent’s question in an email two years ago.

Hide Ad
Hide Ad

The inquiry, asking the council to provide the number of children with SEND without school places for September 2022, led to council officers posting a list of the names on the public website whatdotheyknow.com.

Independent Ampthill councillor Mark Smith said at that time: “The council suffered a major data breach on May 9 (2022) by publishing these children’s names online potentially putting them at risk.

“The FOI request clearly stated the parent wanted statistics, not the names of these children. I find it amazing our system failed so badly, to go through two sets of officers, a complete failure of process. This is an appalling breach of GDPR.” CBC issued a full apology and said it was extremely sorry.

Comment Guidelines

National World encourages reader discussion on our stories. User feedback, insights and back-and-forth exchanges add a rich layer of context to reporting. Please review our Community Guidelines before commenting.