NORTH Yorkshire County Council (NYCC) had 259 data breaches from September 2021 to September 2022.
The number of data breaches was revealed by a freedom of information request submitted to the county council on November 30, 2022.
There were 66 data breaches from October to December 2021, 72 from January to March 2022, 59 from April to June 2022, and 62 from July to September.
NYCC defines a data breach as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes.”
READ MORE: Tree trail to remember those who lost their lives to Covid in North Yorkshire
A spokesperson for the county council was unable to say the type of data that had been lost or stolen - or confirm if any had been at all.
Cllr David Chance, executive member for corporate services at NYCC said he had not received a breakdown of the data breaches, but “suspected they are relatively minor and down to human error, given the number of cyber-attacks, phishing emails and trojans”, which are blocked daily.
In answer to what is being done about these breaches, a NYCC spokesperson said the council has mandatory cyber security training in place for staff and regularly sends out newsletters and updates on the matter.
Cllr Chance added: “Every data breach is assessed for its risk to the data subjects, the SIRO (Senior Information Risk Owner) is alerted, and the responsible service area makes mitigations to reduce the risk of that data breach re-occurring or reduce the risks if it does reoccur.
'Extremely difficult' for training to cover all issues
He said that every case is different so it would be “extremely difficult” to provide training covering all of the breaches, but did suggest key areas for training.
These include adapting processes to reduce personal data being transmitted, adopting “file naming conventions” so it is easier to identify correct files, and disabling email address autofill.
READ MORE: BBC viewers say ending of Happy Valley was 'rushed' with storylines unresolved
Cllr Chance explained that training using a Boxphish training package has been sent out to users, but “is not mandatory”.
At present, he said the council is “seeing around 43 per cent (22,259) of users completing the courses”.
Five laptops and one tablet lost or stolen
The FOI request also revealed that from September 2021 to September 2022 there had been five laptops and one tablet lost or stolen from NYCC – all of which were encrypted and password protected.
The county council spokesperson said the cost of replacing this equipment was £3,964.64 and was paid from the council’s IT hardware budget.
Cllr Chance said: “Given that we have over 15000 employees I consider that the loss/theft of equipment is within acceptable parameters, though we should strive for no loss at all.
“I am not aware that the loss of these pieces of kit was responsible for any data loss.
READ NEXT: Retailer to close two North Yorkshire stores
“Access to hard drives is restricted to necessary use and all drives are segmented accordingly.”
The FOI request further revealed that the county council does not have an existing cyber insurance policy in place.
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules here