The Information Commissioner’s Office has concluded that New Forest District Council was in breach of the terms of the Data Protection Act (DPA), when in 2008 it exposed the details of private citizens online.
The data leak occurred when the council made public details of an application for planning permission, while failing to omit information which could have been exploited. This led to a complaint from the implicated party.
The ICO said that while the council had initially made the mistake of distributing the data via the internet, it had reacted swiftly to rectify the situation and prevent any further access to the information.
Despite the appropriate response in this case, a member of the public kept tabs on the council’s activities over the following months and alleges that similar failings in data protection were easily observable.
The ICO said that it has carried out an investigation which was able to unearth private data as recently as July 2010. As part of its review of the council’s operation, it questioned a number of employees.
The ICO’s Sally-Anne Poole said that following on from the incident and its investigation, it is now confident that no further incidents of data loss similar to this will occur from within this particular organisation.
Poole explained that the council has implemented a number of new policies governing the way in which data is handled and the ICO is satisfied that this should help to stem further leaks.
Poole pointed out that the ICO did not expect public or private sector organisations to be completely watertight when it comes to data and adherence to regulations, but that it did want to see evidence that attempts were being made to work closely within regulations, so that the integrity of private details is retained.
Critics of the ICO have pointed out that it has once again failed to impose a monetary penalty as a result of this data leak, despite the fact that it can seek up to half a million pounds for a serious breach of the DPA.