A UK council has breached the Data Protection Act after placing planning applicants' personal data on its website.
New Forest District Council was caught out by a local resident after the authority failed to remove personal data about them from its site.
After the complainant noted the discrepancy and the council removed the relevant data, the resident continued to monitor the site to find the council was publishing sensitive information on other Hampshire applicants.
In July, the Information Commissioner's Office (ICO) visited the council to check systems and interview the relevant staff.
The data protection watchdog then decided the council was taking the right steps to mitigate any chance of another breach.
"While we appreciate it is difficult for any organisation to give a 100 per cent guarantee that they will comply with the Act, we expect authorities to put the most effective data protection measures in place and to ensure they are upheld," said Sally-Anne Poole, enforcement group manager at the ICO. "We will be monitoring other local authorities to scope compliance in this area on a national level. Any council found to have an unacceptable error rate may be subject to regulatory action."
The ICO is yet to use its fining powers, but information commissioner Christopher Graham said they would be used this month.
An ICO spokesperson confirmed to IT PRO a fine would be handed out "shortly."
-
What does modern security success look like for financial services?Sponsored As financial institutions grapple with evolving cyber threats, intensifying regulations, and the limitations of ageing IT infrastructure, the need for a resilient and forward-thinking security strategy has never been greater
-
Yes, legal AI. But what can you actually do with it? Let’s take a look…Sponsored Legal AI is a knowledge multiplier that can accelerate research, sharpen insights, and organize information, provided legal teams have confidence in its transparent and auditable application
-
23andMe 'failed to take basic steps' to safeguard customer dataNews The ICO has strong criticism for the way the genetic testing company responded to a 2023 breach.
-
AI recruitment tools are still a privacy nightmare – here's how the ICO plans to crack down on misuseNews The ICO has issued guidance for recruiters and AI developers after finding that many are mishandling data
-
“You must do better”: Information Commissioner John Edwards calls on firms to beef up support for data breach victimsNews Companies need to treat victims with swift, practical action, according to the ICO
-
LinkedIn backtracks on AI training rules after user backlashNews UK-based LinkedIn users will now get the same protections as those elsewhere in Europe
-
UK's data protection watchdog deepens cooperation with National Crime AgencyNews The two bodies want to improve the support given to organizations experiencing cyber attacks and ransomware recovery
-
ICO slams Electoral Commission over security failuresNews The Electoral Commission has been reprimanded for poor security practices, including a failure to install security updates and weak password policies
-
Disgruntled ex-employees are using ‘weaponized’ data subject access requests to pester firmsNews Some disgruntled staff are using DSARs as a means to pressure former employers into a financial settlement
-
ICO reprimands Coventry school over repeated data protection failuresNews The ICO said the academy trust failed to follow previous guidance, which caused a serious data breach
