Nuneaton and Bedworth Council data breach shows power employees have

The recent prosecution over the Nuneaton and Bedworth Council data breach incident shows just how much power employees can have, and the damage that it can do.

Although access to data for many is essential, this incident showed how data can be blatantly misused for personal gain. If you haven’t heard about this one, you may be shocked to learn what happened.

In short, a former council employee accessed data and shared it with his partner who had applied for a job at the local authority. She was awarded the position, although the contract has since been terminated. The employee has also resigned and been ordered to pay costs and fees of over £1,400.00.

The Nuneaton and Bedworth Council data breach incident

The Nuneaton and Bedworth Council data breach incident stemmed from the former head of building control at the local authority, Kevin Bunsell, sharing data with his partner. His partner had applied for a job with the authority, and as a result of Bunsell’s personal relationship with her, he was duly not involved in the recruitment process.

However, Bunsell went ahead and accessed the information for the other competing candidates and shared it with his partner. We can only assume this was a deliberate effort to try and assist his partner in getting the role, which she was subsequently awarded.

Information shared in the breach included the other candidates’:

• Names;
• Addresses;
• Telephone numbers;
• CVs;
• Reference information.

The incident took place in 2017. The Information Commissioner’s office (ICO) has since prosecuted Bunsell, who also resigned from his position as well.

Why the Nuneaton and Bedworth Council data breach is such a worry

No one can dispute how important quick and easy access to information is for people to be able to work quickly and efficiently. That being said, the ability to access such information comes with a huge amount of responsibility on the part of the employees. Employees should know that they simply cannot access and process information without a legitimate need to do so. This was an obvious breach, and we can only assume Bunsell knew full well what he was doing, and that his actions were illegal.

A huge number of the data breach compensation claims we help people for involve councils and local authorities. This kind of deliberate breach should never happen.

Speaking about the case, the ICO said:

“People who supply their personal information to an organisation in good faith, such as when applying for a job, have a legal right to expect it will be treated lawfully and ethically. Not respecting people’s legal right to privacy can have serious consequences, as this case demonstrates. Not only might you face a prosecution and fine, along with the attendant publicity, but you may also lose your job and severely damage your future career prospects.”