by Jo Earle

Kent County Council has been ranked the second worst authority in the UK for losing sensitive and personal information - including details of children.

According to research from the civil liberties campaign group Big Brother Watch, in the past three years the council has had 72 cases of data being lost or stolen.

These include:

• Scanned case notes relating to children found on Facebook. It contained information that would identify individuals
• An outreach worker who lost a memory stick travelling from one school to another. It contained personal data of 30 pupils from 16 schools including assessment results
• A 2010 diary which was left on top of a car. It contained details of appointments with clients
• Asocial worker's carbroken into, containinga laptop and diary holding client information
• A child's report sent to thewrong set of parents
• CSS child protection team faxed information, containing sensitive personal data about a child, to the wrong NHS team
• An email plus attachment sent by the Learning Disability Team to the wrong recipient. It contained sensitive personal data about a client
• A primary school sent unsuccessful application emails copying all other unsuccessful applicants in
• An individual's NHS records found behind a desk. This included immunisation records and schools attended
• A laptop carrier left on a car roof containing information about social care contracts

According to the report, Buckinghamshire came out as the worst authority, with Essex placed below Kent in third place.

Almost all local authorities responded to the Freedom of Information request, which covered loss of personal information by council employees and contractors between August 3 2008 and August 3 2011.

Maria Fort, research director of Big Brother Watch, said: "It's extremely worrying.

"This research highlights a shockingly lax attitude to protecting confidential information.

"A lot of the data belonged to vulnerable individuals, and parents should be concerned.

The key findings nationally

A total of 132 authorities were involved in 1,035 incidents of data loss

At least 35 councils lost information about children and those in care

The information of at least 3,100 children, young people or students was compromised in 118 cases

At least 244 laptops and portable computers were lost

A minimum of 98 memory sticks and more than 93 mobile devices went missing

Of the 1,035 incidents, local authorities reported that just 55 were reported to the Information Commissioner's Office

Just 9 incidents resulted in termination of employment

"These are public sector employees who are handling private information.

"If it's not made clear to them from the start how information needs to be treated and handled then we will continue to see these breaches taking place.

"this research highlights a shockingly lax attitude to protecting confidential information" – maria fort, research director of big brother watch

"It's dangerous and guidance needs to be clear."

The report comes a month after The Information Commissioner's Office reported the Dartford and Gravesham NHS Trust breached the Data Protection Act by accidentally destroying 10,000 archived records.

The records, which should have been kept in a dedicated storage area, were put in a disposal room due to lack of space.

The records were then mistakenly removed from the room and destroyed.

The hospital failed to realise the information was missing for three months.

David Smith, from the Information Commission's Office, addressed the latest local authority blunders.

But he said the blame should lie with individuals.

He added: "There is an element of individual members of staff being careless, but it's the lack of proper training for them.

"Storing data on memory sticks and laptops is a real problem."

A Kent County Council spokesman said it was no surprise the authority came out close to the top in the survey, as it was the largest shire county.

But he added: "Clearly, we would look at each case individually and take appropriate action depending on the severity of the case, which could include dismissal.

"We have a robust information security incident protocol in place, so consequently we log, monitor and investigate all reports of any alleged security breaches, regardless of cause or eventual outcome."

The spokesman said some of the incidents were beyond employees' control, such as in cases of theft.

"We are continually monitoring our procedures to make sure we have the correct policies in place to be able to deal with such incidents of personal data being lost, stolen or shared inappropriately."