Stolen device containing personal info among four data breaches at City Hall in 2019 and 2020

A STOLEN device containing personal data and mislaid documentation are some of the instances of data breaches within City Hall between 2019 and 2020.

The Data Protection Commission confirmed to The Echo that it had been notified of four breaches of data regulations by Cork City Council since the start of 2019.

One of those breaches is referred to by the data protection commission office as “information found in a public place.” 

That is understood to relate to a case in April 2019, when a number of parking offence warning letters containing names, addresses, car registration numbers, and offence details were found by a member of the public outside City Hall.

However, the Data Protection Commission said they weren’t in a position to provide further information on the other breach notifications they received.

City Hall, meanwhile confirmed that the theft of a mobile device and administration errors such as “documentation inadvertently left in a printer, documentation mislaid, an e-mail inadvertently sent to the wrong recipient, and inadvertent publication of personal information online” were some of the issues involved.

The Data Protection Commission spokesperson told The Echo: “The Data Protection Commission has received four breach notifications from Cork City Council since the beginning of 2019.

“The breaches notified related to unauthorised disclosures of information due to administrative errors, a device containing personal data that was stolen and information found in a public space.

“We have engaged with Cork City Council on all notifications received and understand it has implemented mitigation measures to prevent such incidents reoccurring.” It was confirmed to The Echo that there were ten data breaches reported in City Hall since the start of 2019, however most were considered to be low risk.

A spokesperson for City Hall said: “In terms of mitigation actions taken, additional security measures have been implemented and staff re-training has taken place in relation to the administrative errors outlined.” 

It comes following another data breach in 2018, when data relating to the Cork City Park by Phone service was accessed.

At the time City Hall issued a statement to say that while mobile phone numbers, email addresses and car registrations may have been accessed, no personal bank accounts or details were accessed, no balances were altered, and no passwords were compromised.