Councils responsible for over 1,000 data loss incidents since 2008

A whopping 132 local authorities have between them lost sensitive data on citizens on more than 1,000 occasions since 2008, according to data unearthed by privacy advocates Big Brother Watch (BBW).

Even more worryingly, just 55 of these incidents were reported to the Information Commissioner's Office (ICO), while only nine workers were sacked as a result of losses they caused, despite information on children being routinely put at risk.

The report also found that mobile devices remain one of the most common sources of data loss, with 244 laptops, 98 memory sticks and 93 mobile devices lost or stolen during the three-year period.

The worst authorities were Buckinghamshire and Kent with 72 incidents, while Essex had 62. Notable incidents uncovered by BBW include a USB stick lost by a local authority in Birmingham containing details on 64,000 people.

Commenting on the figures, BBW director Nick Pickles said in a blog post that local authorities must be made to take their data handling obligations more seriously.

"The growing volume of personal information held by local authorities is a significant threat to personal privacy and civil liberties," he said.

"This report highlights how, despite data protection law, not enough is being done to ensure sensitive information is held securely and protected."

A spokesperson for the ICO said that while councils are not legally obliged to inform the watchdog over every data loss incident it urged them to do more to protect their data.

"It's vital local authorities properly live up to their legal responsibility to keep personal data secure. Four out of the six monetary penalties that we've issued so far have involved data losses at councils," they said.

"Our concern isn't just that councils have the right policies and procedures in place; it's about bringing about a culture among staff whereby everyone takes their responsibilities seriously and effective data handling becomes second nature."

The ICO added, though, that in an attempt to improve local government's data handling it is making a formal request to the Ministry of Justice to be able to carry out compulsory audits of authorities' data handling procedures.