Essex council warned after salary and health information for 2,000 people accidentally released
An Essex council has been given a formal reprimand by the information watchdog after accidentally releasing 2,000 people's personal information. The data that was mistakenly released includes people's salary and health information.
Southend-on-Sea City Council released the information in May last year as part of a Freedom of Information (FOI) request. The details were included within a spreadsheet and contained a list of personal details relating to Council employees and former employees.
It also included information about other people associated with the council, such as agency workers and office holders. The Information Commissioner said a "significant amount" of personal information was released.
Southend-on-Sea City Council was made aware of the data breach in October 2023 - five months after the response to the FOI request was delivered on a public-facing and accessible website. The Commissioner said there was "no evidence of the hidden data being used" but "the possibility that malicious actors may access and exploit the data remains".
The Commissioner said the cause of the breach was a lack of proper checks for hidden data prior to the release of the spreadsheet. This is said to be "directly linked" to a lack of staff training. The error occurred despite the spreadsheet being checked by two members of staff prior to its release.
A reprimand notice from the ICO said: "Overall, after reviewing all the evidence provided, this case has shown a failure to comply with data protection legislation by the disclosure of special category data. This is due to the failures in training and awareness of the packages that the Council uses. This has given cause for concern given the large amount of data subjects, and the potential for a significant amount of damage to be caused to the data subjects impacted."
Cllr Daniel Cowan (Lab.), leader of the council, says: "Following our self-reporting of a potential data breach to the Information Commissioner’s Office at the start of November 2023, we have now received their formal response. We welcome the Information Commissioner’s findings and for their recognition of our swift remedial steps to strengthen our approach to Information Governance and the action taken since.
"We have updated our Freedom of Information protocols, provided additional staff training, and introduced more stringent checks to ensure that personal data remains secure. We accept the ICO’s recommendation regarding providing further training, which is already being progressed."