Charity disputes Islington Council account of latest data leak and reveals domestic violence details included
13:34 03 August 2012
Islington Council’s account of its latest large-scale data blunder has been disputed by the website which exposed the error.
In its official statement, the town hall insisted the details of nearly 2,400 residents uploaded to the web page WhatDoTheyKnow (WDTK) were only contained in “hidden” parts of the document, which required “a detailed knowledge of spreadsheets” to access.
However, a spokesman for democracy and transparency charity mySociety, told the Gazette: “We disagree with the council’s description of events on this point. The personal data of 309 individuals had not been hidden and was immediately visible to anyone who opened it. The other two workbooks contained personal data of the rest of the people who were affected, but this data was on hidden sheets and would not have been immediately visible.”
The council this week refused to respond to the claims.
The data was released in response to a Freedom of Information (FoI) request through the WDTK website, where it was published online on June 26. It remained available for 19 days.
MySociety disclosed other details left out of the council’s account, including:
n The council released whether individuals were victims of domestic violence, as well as their name, address, gender, race, relationship status, religion and sexuality.
n A council officer attempted unsuccessfully to retrieve the original e-mail, suggesting someone may have noticed the mistake.
n A second e-mail was sent, which still included all the confidential information – albeit now all in “hidden” worksheets.
n This is believed to be the first time mySociety – which has handled more than 120,000 FoI requests – has referred a case to the Information Commissioner’s Office.
n It was sheer luck that the mistake was spotted by a volunteer at the website.
Tom Steinberg, of mySociety, wrote on the charity’s website: “Shortly after sending out these files, someone within the council tried to delete the first e-mail using Microsoft Outlook’s ‘recall’ feature.
“A short while later, the council sent a ‘replacement’ FoI response that still contained a large amount of personal information, this time in the form of hidden Excel tabs... uncovering such tabs takes seconds, and only basic computer skills.
“At no point on or after June 26 did we receive any notification from Islington (or anyone else) that problematic information had been released not once, but twice.
“It was only by sheer good fortune that our volunteer happened to stumble across these documents some weeks later.”
A letter sent out by Islington Council owning up to its latest shocking data blunder contained another glaring mistake – leaving residents wondering if the council is doing anything at all about the leak.
The note, posted to nearly 2,400 residents whose details – including their sexuality – were published online, simply contained a blank space under the heading “What is the council doing about this?”
After the gap, it moved onto another section, headed “What should I do?”