ICO criticises city council in Portsmouth over data leak

The Information Commissioner’s Office (ICO) has revealed details about an unintended data leak which saw Portsmouth City Council hand over sensitive information about a local resident, after a request was made for details relating to another person entirely.

The ICO said that this occurred after a subject access request, during which a worker neglected to fully redact the documents before distribution, allowing private information to leak.

The ICO investigated this incident and revealed some worrying facts. Firstly, the person who was charged with redacting the documents was not directly in the employ of the council and, secondly, they were not adhering to the regulations relating to terms of service.

In addition, the ICO concluded that staff had not been properly instructed on how to handle and protect personal data.

The ICO’s Mick Gorrill said that this data loss incident could have been prevented had those involved been subjected to rigorous instruction relating to the requirements of the Data Protection Act, backed up by managerial support.

Mr Gorrill said that unnecessary stress and worry could have been caused as a result of these careless actions on the part of the council, particularly as the individual who had details exposed was completely unrelated to the issue covered by the request.

The council has said that it is aware of the severity of this incident and will endeavour to make sure that it does not recur. The ICO is hoping that this event will act as a further incentive to other local authorities around the UK, resulting in a greater degree of compliance with the DPA, even when outsourcing work to third-party firms.

The council head, David Williams, followed in the footsteps of other leaders by committing to a formal ICO undertaking that will require improved training and greater data monitoring within the organisation and across its external contractors.

Experts are concerned that the ICO’s power to issue fines of up to half a million pounds for data loss and DPA breaches is not really enough to encourage public sector organisations to change their policies and improve security, leading some to call for greater powers to be handed out to the regulator.
