Kensington & Chelsea Council Fined £120K For Indeliberate Data Breach

The Royal Borough of Kensington and Chelsea council has been fined £120,000 for an indeliberate data breach because the personal details of empty property owners in their constituency was published, contrary to data protection laws.

The Information Commissioner’s Office (ICO) has called it a “serious contravention” which has led to the huge fine being issued of £120,000.

According to the ICO reports, a Freedom of Information (FOI) request had been made in relation to the Grenfell Tower incident as part of research into social inequality, and it was this request that led to the accidental disclosure.

The names and addresses of 943 owners of empty properties in the Kensington and Chelsea council area was sent to the FOI applicant by mistake. The statistics requested were apparently not easily available which led to the council respondents confirming the information by checking the names against addresses. It is believed that the intention from the council was never to disclose the actual list, and the ICO recognises this as an indeliberate data breach.

As a result of the council data breach, the list was subsequently published in the media.

Another major council data breach caused by a simple mistake

This latest data breach is another example of a simple breach caused by a council that can have massive repercussions for the people whose data is disclosed. Irrelevant of the nature of the data in this particular case, which has understandably become a topic of debate over whether such data should be available anyway, the issue here is that massive council data breaches often happen because of small errors.

As we have seen in this breach, the simple act of accidentally failing to remove data used to respond to the FOI request led to the data being unlawfully disclosed. There are many ways this could have been prevented, from separating the data research to the data disclosure, to the simple act of double-checking the information the council is about to release.

Council data breach risks

Councils and the local authority agencies they often outsource work to remain one of the biggest culprits of data protection breaches, and given the vast quantities and depth of the data they usually hold, council data breaches can be severe. It’s clear that councils must do more to ensure the data they hold is safe, and the data they disclose is correct.

We advise and represent a lot of people for council data breaches. If you have been affected by a council data breach, we may be able to help make a No Win, No Fee claim, subject to the nature of how the breach occurred and what information has been disclosed.

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.

Create A Call Back

Information on how we handle your data is available in our Privacy Policy.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.