The loss of a laptop with details of 200 school children was among dozens of “disturbing” data breaches by north and north-east councils in recent years.
A new report released by the privacy campaign group Big Brother Watch found UK local authorities flout information rules an average of four times every day.
The study showed there were 4,176 data breaches across Britain between 2011 and 2014 – a four-fold increase on the previous four years.
A total of 11 breaches were reported from Aberdeenshire Council in the period, including the loss of a laptop containing unencrypted school reports and other details about 200 youngsters in August 2011.
The local authority said last night that the laptop was stolen during a break-in at an employee’s locked home, and that it was later recovered by police.
Other breaches highlighted in Aberdeenshire included the release of personal data as part of a Freedom of Information response, and a paper file being lost after being left on the roof of a car.
There were 13 data breaches at Aberdeen City Council in the period, according to the report, mainly relating to the access of confidential information by unauthorised individuals.
Moray Council reported 12 breaches between 2011 and 2014, including papers being left in a café and a pen drive being found containing personal files.
Three breaches were recorded at Highland Council, with the incidents described as “negligent behaviour regarding laptop and sensitive data”, as well as “unacceptable use of ICT and access to files for personal use”, and “release of confidential information”.
Argyll and Bute Council and Orkney Islands Council both reported one breach during the period.
Emma Carr, director at Big Brother Watch, said: “Despite local councils being trusted with increasing amounts of our personal data, this report highlights that they are simply not able to say it is safe with them.
“A number of examples show shockingly lax attitudes to protecting confidential information. For so many children and young people to have had their personal information compromised is deeply disturbing.
“With only a tiny fraction of staff being disciplined or dismissed, this raises the question of how seriously local councils take protecting the privacy of the public.”
She added that far more should be done to prevent and deter data breaches from occurring.
“Better training, reporting procedures and harsher penalties available for the most serious of data breaches, including criminal records and custodial sentences are all required,” she said.
“Until we see these policies implemented, the public will simply not be able to trust local councils with their data.”
A spokeswoman for Aberdeenshire Council said: “In August 2011 a laptop containing school pupil reports, language profiles and lessons was stolen during a break-in of an employee’s locked home.
“The laptop was later recovered by police and no disciplinary action was taken as the member of staff was not at fault.
“Aberdeenshire Council was at the time in the process of encrypting all laptops, a process that has since been completed.
“All council employees must undertake mandatory training surrounding the Data Protection Act 1998 as part of staff induction.”
A Moray Council spokesman said: “We take our responsibility under the DPA very seriously, and following all the breaches detailed we either undertook refresher training or a review of processes.
“What the report fails to demonstrate is the impact of the breaches; we are confident that our prompt actions following each breach meant that no damage was caused to individuals or their reputation.”