SOUTHEND Council has been reprimanded following a data breach which saw the personal details of 2,000 staff and councillors made public.
Last May, the council reported itself to the Information Commissioner’s Office after the breach occurred when it inadvertently included an excel spreadsheet relating to personal staff details in an answer to a Freedom of Information Request.
The council could have been hit with a six-figure fine for the breach, but the ICO has ordered the council to ensure staff receive additional training to avoid further breaches.
Daniel Cowan, Labour leader of the council, has confirmed the council has updated its Freedom of Information protocols, provided additional training and introduced additional “stringent” checks.
In a report on its judgement, the ICO said: “The spreadsheet was a list of the personal details of council employees and former employees, and certain other groups of people associated with the council such as agency workers and office holders.
“The list of employees and former employees contained a significant amount of personal information, including special category data and listed contact details, employment and pay details, and health, gender and ethnicity information.”
It added evidence showed the cause of the breach was a lack of proper checks for hidden data linked to a lack of staff training. The ICO said this was a cause for concern given the large amount of data the council handles and “the potential for a significant amount of damage to be caused to the data subjects impacted”.
A spreadsheet containing anonymised job role data for one department was uploaded to FOI website What Do They Know in response to the freedom of information request on May 17.
In mitigation, the ICO said there was no evidence the information had been republished by anyone other than WDTK.
Mr Cowan said: “Following our self-reporting of a potential data breach to the Information Commissioners Office at the start of November 2023, we have now received their formal response.
“We welcome the Information Commissioner’s findings and for their recognition of our swift remedial steps to strengthen our approach to Information Governance and the action taken since.
"We have updated our Freedom of Information protocols, provided additional staff training, and introduced more stringent checks to ensure that personal data remains secure.
“We accept the ICO’s recommendation regarding further training, which is already being progressed.”
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules hereLast Updated:
Report this comment Cancel