Basildon Council lands £150,000 fine by ICO after revealing family’s personal details

Authority exposed personal data including mental health issues

The Information Commissioner's Office (ICO) has fined Basildon Council 150,000 for publishing online the personal data of a traveller family.

The authority breached the Data Protection Act by making publically available data on the family in a planning application.

The ICO discovered that the council received a written statement in support of a householder's planning application for proposed works in a green belt. The statement contained sensitive personal data relating to a static traveller family who had been living on the site for many years.

It referred to the family's disability requirements, including mental health issues, the names of all the family members, their ages and the location of their home. The council published the statement in full, without redacting the personal data, on its online planning portal later that day.

An investigation by the ICO found that the council failed to carry out data protection procedures and training. It was revealed that an inexperienced council officer didn't notice the personal information in the statement, and there was no procedure in place for a second person to check it before the personal data was inadvertently published online. The information was only removed on 4 September 2015 when the concerns came to light. 

While the council had routinely redacted personal data from planning documents a practice also adopted by other local authorities Basildon subsequently argued it was not, in fact, allowed to do so under planning law. This was rejected by the ICO, which said planning regulations could not override people's fundamental privacy and data protection rights. It added that publication of planning documents online was a choice, not a legal requirement.

"This was a serious incident in which highly sensitive personal data, including medical information, was made publicly available," said ICO enforcement manager Sally Anne Poole. 

"Planning applications in themselves can be controversial and emotive, so to include such sensitive information and leave it out there for all to see for several weeks is simply unacceptable."

"Data protection law is clear and planning regulations don't remove an individual's rights. Local authorities and, indeed, all organisations must be certain that their internal processes and procedures are robust and secure enough to ensure that people's sensitive personal information is protected," she added.

Featured Resources

Security analytics for your multi-cloud deployments

IBM Security QRadar SIEM solution brief

Download now

Five reasons to move to the cloud

Join the enterprises moving their workloads to the cloud

Download now

Architecting hybrid IT and edge for digital advantage

Why business leaders should consider a hybrid IT strategy

Download now

Six reasons to accelerate remote asset monitoring with AI

How to optimise resources, increase productivity, and grow profit margins with AI

Download now

Recommended

Big Tech Executives urge Congress to create corporate breach reporting rules
data protection

Big Tech Executives urge Congress to create corporate breach reporting rules

24 Feb 2021
Four tips for keeping your business secure during mass remote work
data protection

Four tips for keeping your business secure during mass remote work

19 Feb 2021
Kia Motors allegedly suffers a ransomware attack
data breaches

Kia Motors allegedly suffers a ransomware attack

18 Feb 2021
Donald Trump’s one-time law firm allegedly suffers data breach
data breaches

Donald Trump’s one-time law firm allegedly suffers data breach

17 Feb 2021

Most Popular

Mysterious Silver Sparrow malware hits 30,000 macOS devices
malware

Mysterious Silver Sparrow malware hits 30,000 macOS devices

22 Feb 2021
IBM reportedly mulls sale of Watson Health business
mergers and acquisitions

IBM reportedly mulls sale of Watson Health business

22 Feb 2021
Microsoft to launch standalone Office 2021 suite
Microsoft Office

Microsoft to launch standalone Office 2021 suite

19 Feb 2021