MID Devon District Council is now suffering “fewer data breaches” after 72 occurring in the past two years.
It suffered 40 data breaches during the 2022/23 financial year, according to figures it released in response to a resident’s questions.
Another 32 occurred in the most recent full financial year that ended in April.
Since then, just eight have taken place.
A report by auditors Devon Assurance Partnership (DAP) said the council’s managers were “now engaging proactively with information governance and reviewing processes for passing and sharing data”.
It added that this was producing “fewer data breaches”.
The report prompted resident Nick Quinn to query how many data breaches had occurred recently and whether they included personal data, to which the authority simply said: “Yes.”
He also asked what number was acceptable to the council and its internal auditor DAP.
“Zero data breaches are acceptable to DAP,” Mid Devon said.
“However, it is understood that mistakes can happen, and it is DAP’s responsibility to monitor the council’s practices and governance to ensure that the appropriate policies and procedures are in place to mitigate any risk/impact.”
Earlier this year, three former Mid Devon councillors said they were shocked after the authority accused them of data breaches.
Barry Warren, Bob Deed and Christine Daw received letters alleging them a “serious matter concerning (their) handling of confidential data”.
The letters added they “may have committed a data breach”, which the recipients suggested meant the council was unsure whether this had occurred or not.
Mr Warren, formerly an independent councillor, led the authority for three months in 2023, taking over from Mr Deed who resigned in February last year after holding the position for four years.
Ms Daw quit as a Conservative party member the same month, but retained her cabinet position as an independent member until the election last May when she stood down from the council.
A Mid Devon District Council spokesperson said in March that the authority took its legal responsibilities as a data controller extremely seriously, and it was with “some regret” that it had to write to the three former members.
“However, it is important that the council takes appropriate action to ensure the effective management of data in accordance with our policies,” it added.
Bradley Gerrard
LDRS