Data leak fears raised over dumped Portsmouth City Council computers ‘that may have not been wiped’

Old Portsmouth City Coucil computers have not been wiped, leading to data breach concerns
Old Portsmouth City Coucil computers have not been wiped, leading to data breach concerns
The Invincible, on Wickham Street, Portsmouth. Picture: Chris Moorhouse

Campaign group welcome pub re-opening but say concerns remain over development plans

0
Have your say

COUNCIL hard disks that may not have been properly wiped could lead to penalties over data law breaches.

Portsmouth City Council could face hefty fines under General Data Protection Regulations after it was discovered that for the past two years contractors have not been obliged to erase data when removing old computer drives.

Auditors revealed the discrepancy in a report that was discussed at today’s governance and audit and standards committee. They were unsure if any drives were affected due to council records that were deemed ‘not sufficient.’

Councillor John Ferrett, said: ‘In the past few months it has been hammered into us the importance of data protection and then we see something like this, it’s frightening.’

Cllr Ian Lyon added: ‘For years IT has been the worst part of the council and it is still awful.

‘Why can’t we wipe the disks before they’re collected? Why can’t we do it ourselves? It is ridiculous that this is done externally.’

Since February 2016 contractors XMA were not bound by any regulations regarding data protection.

Tory councillor Simon Bosher voiced fears about GDPR penalties. He said: ‘This has been bumbling along for two years. How is it that we have got a contract that has not been looked at or reviewed for the best part of two years?’

‘The government gives out massive fines for breaching data protection. Are we at risk of a massive fine?’

However, the council’s city solicitor and deputy chief executive, Michael Lawther, was confident the data was safe. ‘The risk of data being revealed is quite low. For the past six to eight years we have been encrypting our hard drives,’ he said.

‘If the data is encrypted it is of no concern. Some disks might be older than that but we do not know that yet.’

The report also showed that £8,000 worth of council IT equipment was unaccountable.

Cllr Ken Ellcome said: ‘What concerns me most is the missing equipment. The percentage of what we can’t find is still quite staggering.’

Elizabeth Goodwin, the chief internal auditor at the council, said: ‘I don’t want to cast aspersions that anybody has been stealing but I can’t say either way.’