Data transparency backfires as councils lose £7 million


Local councils have lost 7 million in the space of a year, after data published on their own websites was used by scammers against local authorities.

The Coalition has pushed for greater transparency across Government bodies and many have responded by posting data online.

That strategy appears to have backfired on councils, costing them millions in fraud.

"Fraudsters have sent letters to council finance teams that appear legitimate and often follow them up with phone calls to chase payments," a report from the Audit Commission read.

"The fraudsters gather the details about key creditors from the information that councils now publish on their websites. In our 2010/11 survey, councils reported several detected frauds of this type amounting to some 7 million."

Local public bodies have become increasingly successful at preventing these frauds by applying sound internal controls.

In one case, a fraudster contacted a local authority posing as an employee of a council supplier, asking the local authority to change payment details for that company.

Using a supplier invoice published on the council's website, the fraudster tried to dupe the local authority into sending 5 million to their own account.

In that case, thanks to additional protections installed by the council, the transfer was stopped.

"Local public bodies have become increasingly successful at preventing these frauds by applying sound internal controls," the report added.

"They have prevented about 20 million of such attempted fraud. Fraud warnings, such as those issued by the National Anti-Fraud Network, have helped raise awareness of the risks. However, fraudsters continue to target local public bodies."

Whose data is it anyway?

The financial losses were revealed a week after the Government launched its 'Midata' campaign, another part of its drive for greater transparency.

The initiative will see companies including Google, MasterCard and Visa enabling customers to ask for data on them held by companies. Citizens who ask for their information should receive it back in a standardised format.

Some have raised concerns Midata would backfire too, worried that businesses which sign up to the scheme would share data with one another for marketing purposes.

"Getting your data back is good. But Midata must be accompanied by a stronger Data Protection Act, with a right to delete your data, or consumers could be victims of parasitic data or finance companies tempting people to share more than is good for them," said Jim Killock, executive director of the Open Rights Group.

The Information Commissioner's Office (ICO), the UK's Data Protection Act enforcer, welcomed the Midata project.

"Midata presents an innovative and empowering opportunity for consumers," said information commissioner Christopher Graham. "It goes without saying that privacy and data security principles must continue to be upheld and I'm pleased that consumer data security has been a key strand from the outset."

Tom Brewster

Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.

He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.