A UK council has breached the Data Protection Act after placing planning applicants' personal data on its website.
New Forest District Council was caught out by a local resident after the authority failed to remove personal data about them from its site.
After the complainant noted the discrepancy and the council removed the relevant data, the resident continued to monitor the site to find the council was publishing sensitive information on other Hampshire applicants.
In July, the Information Commissioner's Office (ICO) visited the council to check systems and interview the relevant staff.
The data protection watchdog then decided the council was taking the right steps to mitigate any chance of another breach.
"While we appreciate it is difficult for any organisation to give a 100 per cent guarantee that they will comply with the Act, we expect authorities to put the most effective data protection measures in place and to ensure they are upheld," said Sally-Anne Poole, enforcement group manager at the ICO. "We will be monitoring other local authorities to scope compliance in this area on a national level. Any council found to have an unacceptable error rate may be subject to regulatory action."
The ICO is yet to use its fining powers, but information commissioner Christopher Graham said they would be used this month.
An ICO spokesperson confirmed to IT PRO a fine would be handed out "shortly."
