London Council Fined for Releasing Residents' Personal Data


The U.K. Information Commissioner's Office (ICO) recently fined London's Islington Council £70,000 after 2,375 residents' personal details were published online.

The data, which covered sensitive information regarding residents' housing needs, including whether they had a history of mental illness or had been a victim of domestic abuse, was mistakenly released in response to a freedom of information request placed through the WhatDoTheyKnow (WDTK) Web site, which publishes all responses received online.

According to the ICO, the breach resulted from a lack of understanding of pivot tables, which are used in spreadsheets to summarize large amounts of data while the underlying source data remains accessible.
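A pre-release check for this failure mode, as an added example that is not from the article or the ICO: it scans a workbook for pivot caches that still hold the source rows behind a summary. It assumes the file is an Office Open XML `.xlsx` (the article does not state the format); the function names and sample values are constructed for illustration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# SpreadsheetML namespace and the package part where a pivot table's
# cached copy of its source rows is stored inside an .xlsx archive.
NS = "{http://schemas.openxmlformats.org/spreadsheetml/2006/main}"
CACHE_PART = re.compile(r"^xl/pivotCache/pivotCacheRecords\d+\.xml$")

def pivot_cache_report(xlsx_bytes):
    """Return [(part_name, cached_row_count)] for each pivot cache holding rows."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(xlsx_bytes)) as zf:
        for name in sorted(zf.namelist()):
            if not CACHE_PART.match(name):
                continue
            root = ET.fromstring(zf.read(name))
            rows = len(root.findall(NS + "r"))  # one <r> per cached source row
            if rows:
                findings.append((name, rows))
    return findings

def safe_to_release(xlsx_bytes):
    """True only when no pivot cache in the workbook retains source rows."""
    return not pivot_cache_report(xlsx_bytes)

def build_sample(with_cache):
    """Constructed package with only the parts this check reads (not a full workbook)."""
    main = "http://schemas.openxmlformats.org/spreadsheetml/2006/main"
    records = (
        f'<pivotCacheRecords xmlns="{main}" count="2">'
        '<r><s v="APPLICANT-0001"/><s v="constructed-flag"/></r>'
        '<r><s v="APPLICANT-0002"/><s v="constructed-flag"/></r>'
        "</pivotCacheRecords>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("xl/worksheets/sheet1.xml", f'<worksheet xmlns="{main}"/>')
        if with_cache:
            zf.writestr("xl/pivotCache/pivotCacheRecords1.xml", records)
    return buf.getvalue()

if __name__ == "__main__":
    for label, sample in (("summary only", False), ("pivot with cache", True)):
        print(label, "->", pivot_cache_report(build_sample(sample)) or "no cached rows")
```

A clean result covers pivot caches only; hidden sheets and the source worksheet itself need their own review before a file is published.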

On June 26 and 27, 2013, the council released three spreadsheets, without noticing that they contained sensitive information on residents who had either submitted applications for council housing or were council tenants.

The data was available on the WDTK Web site until July 14, 2013, when an administrator working for the site noticed the error and removed the information.

"This mistake not only placed sensitive personal information relating to residents at risk, but also highlighted the lack of training and expertise within the council," ICO head of enforcement Stephen Eckersley said in a statement. "Councils are trusted with sensitive personal information, and residents are right to expect it to be handled in a proper way. Unfortunately, in this case that did not happen, and Islington Council must now explain to residents how it will stop these mistakes being repeated."