SEND Data Breach at Central Beds Council is Reported to Information Commissioner's Office


On Monday afternoon, Central Bedfordshire SEND Action Group received a Freedom of Information (FOI) response from CBC which included the full names of dozens and dozens of SEND children and information about whether or not they have a school place for September 2022.

Having alerted CBC and the Information Commissioner, they waited for the information to be taken off the public website whatdotheyknow.com before notifying their followers on Facebook. As it was available on a public website on Monday afternoon, it could have been downloaded by anyone.

Independent CBC Cllr Dr Hayley Whitaker, commented, “This is a truly shocking data breach, a new low for CBC”

Labour CBC Cllr Toni Ryan commented, “Absolutely appalling, especially after the years of negligent CBC has shown these families.”

Independent CBC Cllr John Baker commented on his Facebook Page, “Independent councillors had already warned the Council that its practices were not up to scratch. A year ago, I wrote the Council after it sent a parent confidential information about their child via a public weblink which would be valid for 15 days. I told the Council that this link should have been password protected at the very least.

“Furthermore, the Council is becoming familiar with fines for its Children's Services Department. I recently highlighted an example of how it was penalised for a child missing school for a year. I understand there have been more than £12,000 of fines in the last 2 years alone.”

News Desk asked Central Bedfordshire Council for a comment on this data breach and today (Tuesday 10 May) this was received: 

A council spokesperson, said: "Central Bedfordshire Council takes its responsibility of looking after people’s personal data extremely seriously and our employees receive regular training and reminders around protecting personal and sensitive information.

"Regrettably we were made aware of data being accidentally released to a public website on Monday afternoon, but our officers worked swiftly to get the information removed. We are extremely sorry to all of those affected and we are in the process of contacting all of the families affected to apologise directly.

“We have reported the incident to the Information Commissioner’s Office and we will be working positively with them. We have already made changes to our procedures in response to this incident and will quickly act on any feedback from the ICO to make our data protection systems even more robust."