Data leak lands Islington Council with £70,000 fine
PUBLISHED: 10:36 06 September 2013 | UPDATED: 10:36 06 September 2013
An investigation into a catastrophic data leak which resulted in the sensitive details of more than 2,000 residents being published online has landed Islington Council with a massive £70,000 fine.
The town hall has also been slammed in an accompanying report by the Information Commissioner’s Office (ICO) for a “lack of training” among staff which lead to names, addresses, gender, sexuality and religion being made public in a bungled Freedom of Information request.
The mistake – which appeared on the What Do They Know (WDTK) website and also included residents’ history of mental illness or whether they had been victims of domestic abuse – was the second of three data leak scandals to hit the council last year.
It is still awaiting the outcome of a probe into the first fiasco which saw the names, street names and telephone numbers of 51 residents of the Andover Estate in Finsbury Park inadvertently handed to gang members they had reported to the town hall’s anti-social behaviour hotline for terrorising their neighbourhood and smoking drugs.
At least six families had to be rehoused and police patrols were stepped up – which cost taxpayers’ £50,000, according to the Lib-Dems.
In a separate case, 140 residents’ addresses were released in an email about the council’s Resident Improvement Taskforce.
In its report into the website blunder released last week, the ICO found that the council’s information governance officer (IGO) failed to spot the Excel spreadsheet submitted to WDTK on June 26 last year contained hidden details of 2,375 applicants for council houses or council tenants – which could have easily been found with anyone with a “basic knowledge” of the programme.
Officials were alerted and made two further botched attempts at sending the spreadsheet. But it wasn’t until almost two weeks later that a volunteer administrator for WDTK noticed the error and removed the data from online.
ICO head of enforcement, Stephen Eckersley, said:“This mistake not only placed sensitive personal information relating to residents at risk, but also highlighted the lack of training and expertise within the council. Councils are trusted with sensitive personal information, and residents are right to expect it to be handled in a proper way.”
Islington’s Lib-Dem leader, Cllr Terry Stacy, one of those who reported the council to the ICO, said: “This is just one of three data breaches by the council in the past year and it is clear that something has gone very wrong in the organisation. Residents will understandably have lost confidence in the council.”
A spokesman for the council said more rigorous checks are now in place. “The person who released the data did not have sufficient knowledge of spreadsheets to recognise the error or to put it right. All of our employees who are tasked with responding to FOI requests have now had additional training. We recognise it is our responsibility to protect people’s personal data, and we failed. We’re very sorry for that.”
The council will pay the fine promptly to take advantage of a 20 per cent discount, reducing the penalty to £56,000.