Flintshire Council notifies Information Commissioner’s Office following data breach

A COUNCIL has apologised and notified an information watchdog after a data breach saw the personal details of hundreds of respondents to a major housing blueprint made public.

Recently, a consultation was held on Flintshire Council’s Local Development Plan (LDP), which sets out locations where up to 7,000 new homes could be built in the county over the next decade.

Hundreds of residents responded and when their comments were published on the council’s website last week, it was discovered that their contact information could still be accessed, despite attempts by staff to hide such details.

The breach led to Flintshire Council considering whether the matter needed to be reported to the Information Commissioner’s Office (ICO).

On Wednesday, the authority confirmed the authority had been notified and pledged to “cooperate fully should they investigate”.

A council spokesman said: “The council recently made all representations on its draft Local Development Plan (LDP) publicly available on its website as required by Welsh Government and the LDP regulations.

“A summary of each comment made was provided along with a link to the original representation but all personal details were hidden from public view – through ‘redaction’.

“It would appear that for a small number of records on a specific part of the plan a conscious effort has been made to remove that protection by someone accessing our website.”

Gareth Owens, chief officer for governance, said: “Once the risk became known the documents were immediately removed from the website.

“This was done in less than three hours from when they were made publicly available.

“During that limited time, most of the individual comments posted on the website received no or a low number of ‘hits’.

“Having checked our website visitor records we can see that only a few people accessed the document in this short period.

“Once we became aware of the problem we acted swiftly to correct the document and to prevent further access to the personal data.

“As a responsible public body we take the issue of the security of personal information extremely seriously and have notified those individuals whose details were included in the document.

“We have also informed the Information Commissioner’s Office, with whom we maintain a positive and trusting working relationship and will cooperate fully should they investigate.

“The council is also aware that personal details of a number of individuals have been posted online by those who may have obtained it, or others.

“Those people targeted have already been contacted by the Council.

“We believe the republishing of this material is illegal and have provided evidence of the alleged offence to the Information Commissioner’s Office.

“We apologise to all affected by this incident.

“The software used to protect these details was not adequate, and more robust software has already been sourced to ensure the redacted information is securely protected when the documents are re-published shortly.

“Any new redacted documents will also be published under the new protection measures that have been put in place.”

Source link

Leave a comment