The Royal Borough of Kensington and Chelsea council has been fined £120,000 for an indeliberate data breach because the personal details of empty property owners in their constituency was published, contrary to data protection laws.
The Information Commissioner’s Office (ICO) has called it a “serious contravention” which has led to the huge fine being issued of £120,000.
According to the ICO reports, a Freedom of Information (FOI) request had been made in relation to the Grenfell Tower incident as part of research into social inequality, and it was this request that led to the accidental disclosure.
The names and addresses of 943 owners of empty properties in the Kensington and Chelsea council area was sent to the FOI applicant by mistake. The statistics requested were apparently not easily available which led to the council respondents confirming the information by checking the names against addresses. It is believed that the intention from the council was never to disclose the actual list, and the ICO recognises this as an indeliberate data breach.
As a result of the council data breach, the list was subsequently published in the media.
Another major council data breach caused by a simple mistake
This latest data breach is another example of a simple breach caused by a council that can have massive repercussions for the people whose data is disclosed. Irrelevant of the nature of the data in this particular case, which has understandably become a topic of debate over whether such data should be available anyway, the issue here is that massive council data breaches often happen because of small errors.
As we have seen in this breach, the simple act of accidentally failing to remove data used to respond to the FOI request led to the data being unlawfully disclosed. There are many ways this could have been prevented, from separating the data research to the data disclosure, to the simple act of double-checking the information the council is about to release.
Council data breach risks
Councils and the local authority agencies they often outsource work to remain one of the biggest culprits of data protection breaches, and given the vast quantities and depth of the data they usually hold, council data breaches can be severe. It’s clear that councils must do more to ensure the data they hold is safe, and the data they disclose is correct.
We advise and represent a lot of people for council data breaches. If you have been affected by a council data breach, we may be able to help make a No Win, No Fee claim, subject to the nature of how the breach occurred and what information has been disclosed.