SOUTHAMPTON City Council officers breached data rules more than 60 times in the past year, it has been revealed.

The authority disclosed that information being sent to the wrong recipient – such as emails or posted letters – was the most common cause of the breach.

In total, 90 internal security incidents were reported, and following investigations, 62 were found to be breaches of data.

In the documents released by Southampton City Council, it also revealed that three of these were considered serious enough to be reported to the Information Commissioner’s Office – the independent government body that protects data privacy.

The incidents included a spreadsheet containing sensitive information that was sent out, in error, as part of a Freedom of Information (FOI) response, and another spreadsheet containing “sensitive personal data” was published on the authority’s website – which the council said was as part of its “transparency obligations”.

An employee was also found to have accessed information held by the council without a “legitimate reason to do so”. A council spokesperson confirmed the person involved “no longer works” for the authority.

Nevertheless, the commissioner’s office determined that no further action was necessary to any of the issues as the council had already put “adequate and robust remediation plans (in place) to ensure that such errors did not reoccur.”

A council spokesperson said: “Although not a legal requirement to do so, the council publishes its annual data breach statistics as a responsible public authority and in order to promote transparency.

“The council’s recorded data breach statistics compare favourably to other similar local authorities.”

When asked about how it will protect against breaches in the future, the spokesperson added: “The council has robust reporting and investigation procedures in place. Every known data breach is investigated and where appropriate, remedial measures are put in place to help ensure that lessons are learned and such breaches are not repeated.

“The Information Commissioner (ICO) understands the council takes data security seriously and when issues are reported to the ICO with a remediation/action plan to date the ICO has not found the council in breach and accepts our plans are robust.”

The documents were presented to councillors at the authority’s Governance Committee.

This comes as new rules regarding data breaches come into force in May under the Data Protection Act 2018. This included the General Data Protection Regulation (GDPR), which was designed to modernise laws that protect the personal information of members of the public.