London council gets £70,000 penalty for data breach

The Information Commissioner's Office (ICO) serves Islington Council with penalty of £70,000 for releasing over 2,000 residents’ details online

The Information Commissioner’s Office (ICO) has served Islington Council with a monetary penalty of £70,000 for releasing over 2,000 residents’ details online.

The information was inadvertently released in response to a freedom of information (FoI) request in contravention of the Data Protection Act.

The data included sensitive personal information relating to residents’ housing needs, including details of whether they had a history of mental illness or had been a victim of domestic abuse.

The FoI request had been made through the What Do They Know (WDTK) website, where responses are uploaded and published. 

The council released three spreadsheets in June that related to the work of the authorities’ Housing Performance Team.

However, the council failed to spot that the documents contained the details of 2,375 residents who had either submitted applications for council housing, or were council tenants.

These details were published on the WDTK website and remained available until 14 July, when an administrator working for the site identified the error, removed the information and reported the matter to the ICO.

The ICO’s investigation found that the council had been alerted to the problem shortly after the first spreadsheet was published, but failed to correct the error. This resulted in the other two spreadsheets being released with the same problem.

“This mistake not only placed sensitive personal information relating to residents at risk, but also the highlighted the lack of training and expertise in the council,” said ICO Head of Enforcement, Stephen Eckersley.

The ICO investigation found that the breach occurred due to a lack of understanding of pivot tables used in spreadsheet programs to summarise large amounts of data.

The tables retain a copy of the source data used and, although this information is hidden from view, it is easily accessible.

Islington Council used the tables to show statistics on how housing had been allocated to residents, but failed to remove the source data, and so sensitive personal data about tenants was revealed.

 The ICO’s Head of Policy Steve Wood recently published a blog explaining the problems caused when public authorities fail to recognise the information retained in pivot tables.

The ICO is currently investigating a number of other authorities that have also made similar errors.

Read more on Privacy and data protection

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

Great, so the council screws up, and gets a fine.

So who suffers because of this fine ?

Well it's not the council all they'll do is plead poverty and cut services so the people who had their details inadvertently released, will suffer again.

We need a better solution for Councils and Government departments than fines.

Cancel

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

  • How do I size a UPS unit?

    Your data center UPS sizing needs are dependent on a variety of factors. Develop configurations and determine the estimated UPS ...

  • How to enhance FTP server security

    If you still use FTP servers in your organization, use IP address whitelists, login restrictions and data encryption -- and just ...

  • 3 ways to approach cloud bursting

    With different cloud bursting techniques and tools from Amazon, Zerto, VMware and Oracle, admins can bolster cloud connections ...

SearchDataManagement

Close