An Isle of Wight Council data breach has arisen where the local authority reportedly sent other people’s information out to residents in dozens of council tax letters.
This appears to be yet another simple data leak that has taken place that involves a local authority. Councils hold a wealth of personal and sensitive data about a huge number of people, and their duty to safeguard it is incredibly important.
We represent many people making claims for council data breach compensation because of how common incidents can be. We’re therefore not surprised by this latest breach, but it’s still very worrying to hear about it; especially now we have GDPR in place that has put data protection in the limelight.
About the Isle of Wight Council data breach
The Isle of Wight Council data breach reportedly involved over 50 letters being sent out to residents that contained the personal and sensitive information for other residents as well.
It appears that letters had been printed, we assume, using some sort of duplex function. This means that both sides of the paper is used. In this incident, it resulted in residents receiving their letters, and the letter for someone else on the reverse side of theirs.
Letters reportedly included:
- Full names;
- Addresses;
- References numbers;
- Amounts owed for council tax.
An avoidable incident
The Isle of Wight Council data breach is precisely the kind of incident that’s entirely preventable and should never have happened in the first place.
How this kind of thing can still happen despite the prevalence of GDPR is astonishing. There ought to be far better policies and procedures in place for preventing these kinds of incidents, and for checking to ensure that this cannot happen.
It’s understood that the council has hand-delivered letters to those who have been affected by the breach, asking that they do not open the previous breach letter. We expect it’s probably too late for that now.
The letter is understood to say: “please accept our sincere apologies for any distress and inconvenience this may have caused you”.
What can victims of the Isle of Wight data breach do?
Victims of the Isle of Wight Council data breach incident may be entitled to make a claim for compensation for any distress that has been caused.
It can amount to a GDPR breach where a person’s personal and sensitive information has been leaked to someone else. For the victim, the loss of control of personal information can be devastating.
So far, we understand that the council hasn’t decided if they need to refer the matter to the ICO (Information Commissioner’s Office). Whether they need to or not, victims whose personal data has been sent to someone else may be eligible to make a case.