Basildon Council lands £150,000 fine by ICO after revealing family’s personal details

Authority exposed personal data including mental health issues

The Information Commissioner's Office (ICO) has fined Basildon Council 150,000 for publishing online the personal data of a traveller family.

The authority breached the Data Protection Act by making publically available data on the family in a planning application.

The ICO discovered that the council received a written statement in support of a householder's planning application for proposed works in a green belt. The statement contained sensitive personal data relating to a static traveller family who had been living on the site for many years.

Advertisement - Article continues below

It referred to the family's disability requirements, including mental health issues, the names of all the family members, their ages and the location of their home. The council published the statement in full, without redacting the personal data, on its online planning portal later that day.

An investigation by the ICO found that the council failed to carry out data protection procedures and training. It was revealed that an inexperienced council officer didn't notice the personal information in the statement, and there was no procedure in place for a second person to check it before the personal data was inadvertently published online. The information was only removed on 4 September 2015 when the concerns came to light. 

Advertisement
Advertisement - Article continues below

While the council had routinely redacted personal data from planning documents a practice also adopted by other local authorities Basildon subsequently argued it was not, in fact, allowed to do so under planning law. This was rejected by the ICO, which said planning regulations could not override people's fundamental privacy and data protection rights. It added that publication of planning documents online was a choice, not a legal requirement.

Advertisement - Article continues below

"This was a serious incident in which highly sensitive personal data, including medical information, was made publicly available," said ICO enforcement manager Sally Anne Poole. 

"Planning applications in themselves can be controversial and emotive, so to include such sensitive information and leave it out there for all to see for several weeks is simply unacceptable."

"Data protection law is clear and planning regulations don't remove an individual's rights. Local authorities and, indeed, all organisations must be certain that their internal processes and procedures are robust and secure enough to ensure that people's sensitive personal information is protected," she added.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement

Recommended

Visit/policy-legislation/general-data-protection-regulation-gdpr/355337/ico-will-reduce-gdpr-fines-due-to
General Data Protection Regulation (GDPR)

ICO to relax GDPR enforcement during coronavirus economic downturn

16 Apr 2020
Visit/information-commissioner/31751/what-is-the-information-commissioner-s-office-ico
Information Commissioner

What is the Information Commissioner’s Office (ICO)?

15 Apr 2020
Visit/security/data-breaches/355056/vpnmentors-web-mapping-project-finds-more-exposed-military-files-via
data breaches

Printing company exposes 343GB of sensitive military data

20 Mar 2020
Visit/security/ddos/28039/how-to-protect-against-a-ddos-attack
Security

How to protect against a DDoS attack

25 Oct 2019

Most Popular

Visit/security/ransomware/355891/nasa-it-contractor-ransomware-hack
ransomware

Ransomware collective claims to have hacked NASA IT contractor

3 Jun 2020
Visit/security/exploits/355866/critical-vmware-cloud-director-exploit-lets-hackers-seize-corporate
exploits

VMware Cloud Director exploit lets hackers seize corporate servers

2 Jun 2020
Visit/data-insights/data-science/355678/how-data-science-is-transforming-business
Sponsored

How data science is transforming business

29 May 2020