BBC Reports on Possible 10 Year Data Breach by Welsh Council

Published on: 29th August 2018

This shocking story appeared on the BBC website on 29th August, and reveals that Ceredigion council's website may have contained information about residents for years, in a data breach of astonishing scale.

"Documents containing people's names, addresses and medical conditions were publicly available on Ceredigion Council's website on Thursday. The man who notified the council of the breach said he reported the same data on the council's website in 2007. The council said it had made a self-referral to the Information Commissioner's Office (ICO)." Read the full story here.

Ensuring that personal data is kept private and protected is at the heart of the 2018 Data Protection Act and GDPR, which came into force earlier this year. A key step that everyone who controls personal data must take is to audit the systems, devices and services that are used to store and manage personal data, and make sure that they are configured and used properly in line with the requirements of the Act and Regulation.

Leaving data on unsecured devices, systems and networks (including websites) creates the opportunity for a Data Breach. In such situations there is no guarantee that you will even know if a breach has occurred. As Ceredigion Council have done here, it is probably prudent to assume that in these circumstances a breach has already happened.

Make sure you know where your organisation's personal data is held, and how it is protected. Use PYXI for GDPR to help you audit your systems and services, and improve the data protection position of your organisation or business.

Sign up for PYXI for GDPR today for just £19+VAT per month.

PYXI GDPR Team: 29th Aug 2018 10:16:00