ICO called on to punish Milton Keynes Council

The Information Commissioner's Office (ICO) has been called on to reprimand Milton Keynes Council for a data breach which exposed citizens' information.

The local authority admitted to accidentally posting results from a residents' survey on its website, revealing addresses and phone numbers of 50 participants, the Milton Keynes Citizen reported.

Personal data from the survey, which asked for thoughts on a controversial park, remained online for around 18 hours towards the end of last week.

Dr Bob Ranger, who was against the play-park, was outraged by the council's actions.

"Anybody could have seen all those details in the time they were online. Nobody will accept responsibility or offer a genuine apology," Ranger said.

"We got a press statement written by the council's PR department that is supposed to count as an apology but adds insult to injury and inflames a delicate situation even more."

David Hill, chief executive of the council, said the organisation had apologised for the breach.

"Although not strictly required by the Information Commissioner's Office guidelines, we have notified a breach of the data protection legislation to the ICO and launched a data protection investigation," Hill added.

The Big Brother Watch called for the ICO to take action.

"This kind of basic mistake which seems to occur so often in local councils indicates both a lack of understanding of data protection and technology, as well as a lackadaisical approach to the privacy of local people," the privacy group said in a blog post.

"The Information Commission should investigate this case and punish those responsible."

The ICO received additional powers last year to fine companies up to 500,000 for data breaches. Thus far, the sum of fines handed out by the ICO is less than 500,000.

Last month, research indicated the ICO had fined less than one per cent of data breach cases since it was handed new powers.

"If the ICO continues to refuse to hand out punitive financial punishments for data protection breaches then they will keep occurring," the Big Brother Watch added.

"Simply asking public bodies to sign undertakings to improve staff training will not solve these problems."

At the time of publication, the ICO had not confirmed to IT PRO what action it was taking.

Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.

He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.