Council Published Residents’ Personal Details Online for Nearly a Year

Share This Post

In a significant lapse of data protection protocols, a council in south-east London inadvertently published personal details of 156 residents on its website. This breach, which lasted for nearly a year, involved the names, addresses, and contact details of individuals who had commented on a planning application related to Hither Green railway station. The information remained accessible online for 11 months before being discovered.

The council’s oversight was brought to light through documents released ahead of a recent council meeting. The breach was initially reported to officials in February 2024 by a vigilant member of the public, prompting an immediate response from the council. A cabinet member responsible for finance confirmed that the sensitive data had been removed promptly upon discovery.

The council decided not to notify the Information Commissioner’s Office (ICO), stating that the breach did not meet the threshold that would mandate such a notification. According to ICO guidelines, a data breach must pose a risk to individuals’ rights and freedoms to necessitate reporting. The council concluded that the exposed information did not include any “special category data,” which encompasses more sensitive details such as race, religion, sexual orientation, or health status.

In a statement, the council highlighted that much of the breached data was already publicly available. The data had been accessible for 11 months without any reported adverse impact, which influenced the council’s decision not to notify the ICO.

The council’s data protection officer used a breach risk matrix to assess the situation. The analysis concluded that the potential impact did not warrant escalation to the ICO. Despite the prolonged exposure, the absence of “special category data” and lack of reported harm were key factors in this decision.

An ICO spokesperson commented on the situation, clarifying the conditions under which data breaches must be reported. Organisations are required to notify the ICO within 72 hours of becoming aware of a personal data breach, unless it does not pose a risk to people’s rights and freedoms. If an organisation decides that a breach doesn’t need to be reported, they should keep their own record of it and be prepared to explain why it wasn’t reported if necessary.

While the council has faced criticism for the oversight, it has taken steps to address the issue. The affected individuals were informed about the breach, and the council has likely reviewed its data handling practices to prevent a recurrence.

This incident underscores the importance of stringent data protection measures, particularly for public bodies that handle sensitive information. The breach also highlights the need for continuous monitoring and rapid response mechanisms to mitigate potential risks associated with data exposure.

As data privacy concerns continue to grow, public institutions must ensure robust protocols to safeguard personal information. This includes regular audits, staff training, and clear procedures for handling data breaches. The council’s experience serves as a cautionary tale for other councils and public bodies, emphasising the critical nature of protecting residents’ personal data.

In conclusion, while the council breach did not result in significant harm, it raises important questions about data protection practices within public organisations. Moving forward, enhanced vigilance and adherence to data privacy guidelines will be essential to maintain public trust and prevent similar incidents.

Elliot Preece
Elliot Preece
Founder | Editor Elliot is an experienced journalist manager with a passion for writing. He played a pivotal role in building the News Write Ups website as a web developer and has since been leading the team of journalists to produce high-quality content. With his strong background in writing and web development, Elliot ensures that the website not only functions smoothly but also provides engaging and informative articles for readers.

Related Posts

Health Board Addresses Reasons Behind Surgery Cancellations at North Wales Hospital

The Betsi Cadwaladr University Health Board has provided clarification...

Football Club Appeals Battery Park Decision

A Scottish football club has lodged an appeal with...

Glasgow’s Historic Buildings Under Threat from Invasive Buddleia

In a growing battle against nature, Glasgow's iconic heritage...

Coastal Residents Voice Concerns Over Decline in Fisheries’ Health

A significant majority of residents in Scotland's coastal communities...