GDPR breach sees borough council refer themself to ICO

A “serious” breach of GDPR saw the borough council report themself to the Information Commissioner’s Office in July.

A Sharepoint site featuring housing customer data, intended just to be used by members of one team, was accidentally shared to other council employees and elected councillors.

The borough council were forced to refer themself to the ICO, who decided to take no further action.

The revelation came in a report to members of the Audit and Accounts Committee on Monday (September 28).

Councillors were told by Ann Greaves, head of legal at the authority, that the ICO praised them for their “swift” response to the breach.

It was brought to the attention of the data protection officer by a member of staff who inadvertently accessed the site.

Immediate action was taken to rectify the issue and no customer data was available to anyone outside the council, the report said.

The ICO has the power to fine bodies up to £17 million for the most serious breaches of GDPR.

Source link

Leave a comment