ICO raps York Council after data breach
The ICO finds the City of York Council in breach of the Data Protection Act after employees mistakenly send data to a third party.


The City of York Council has been rapped by the Information Commissioner's Office (ICO) after a printer mix-up.
The local authority breached the Data Protection Act when an employee mistakenly collected personal data from a printer, before sending it incorrectly with other documentation to a third party.
Following an investigation, the ICO found there was a lack of quality control and management supervision.
"This case highlights the need for employees to take responsibility and ownership of tasks that involve handling personal data," said acting head of enforcement at the ICO Sally-Anne Poole.
"If the documents had not been left unattended by the printer and had been carefully checked before they were sent out then this situation could easily have been avoided." The City of York Council has signed an undertaking to ensure no personal data is printed when it was not necessary.
New quality control checks when documents are being sent out have been introduced at the council as well.
Another day, another breach
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
The City of York revelations came a day after the ICO reported the Royal Cornwall Hospitals NHS Trust breached the Data Protection Act, again for disclosing information it shouldn't have.
The breach occurred in July 2010 when an individual asked for information the Trust held about them, but the Trust ended up sending out the wrong person's data.
Later that year, an almost identical occurrence happened to the same individual, although on that occasion the disclosed data related to a "third party."
"Just because staff are busy with requests, this does not mean they can stop doing adequate checks before information is sent out," Poole said.
Meanwhile, the ICO has been investigating separate data breaches at the University of York and at Play.com.
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.
-
What is polymorphic malware?
Explainer Polymorphic malware constantly changes its code to avoid detection, making it a top cybersecurity threat that demands advanced, behavior-based defenses
-
Outgoing Kaseya CEO teases "this is just the beginning" for the company
Opinion We spoke to Fred Voccola who remains a key figurehead at the firm as it enters its next chapter...
-
AI recruitment tools are still a privacy nightmare – here's how the ICO plans to crack down on misuse
News The ICO has issued guidance for recruiters and AI developers after finding that many are mishandling data
-
“You must do better”: Information Commissioner John Edwards calls on firms to beef up support for data breach victims
News Companies need to treat victims with swift, practical action, according to the ICO
-
LinkedIn backtracks on AI training rules after user backlash
News UK-based LinkedIn users will now get the same protections as those elsewhere in Europe
-
UK's data protection watchdog deepens cooperation with National Crime Agency
News The two bodies want to improve the support given to organizations experiencing cyber attacks and ransomware recovery
-
ICO slams Electoral Commission over security failures
News The Electoral Commission has been reprimanded for poor security practices, including a failure to install security updates and weak password policies
-
Disgruntled ex-employees are using ‘weaponized’ data subject access requests to pester firms
News Some disgruntled staff are using DSARs as a means to pressure former employers into a financial settlement
-
ICO reprimands Coventry school over repeated data protection failures
News The ICO said the academy trust failed to follow previous guidance, which caused a serious data breach
-
ICO dishes out fine to HelloFresh for marketing spam campaign
News HelloFresh failed to offer proper opt-outs, the ICO said, and customers weren’t warned their data would be used for months after they cancelled