Basildon Borough Council has taken a £150k rap from the Information Commissioner’s Office (ICO) for publishing personal details about a family of travellers on the planning pages of its website.
The information, which covered the family’s disability requirements (including mental health issues), names, ages and the location of their home, was open to public scrutiny for a period of two months during the summer of 2015. The ICO investigation established that the exposure of this confidential and sensitive data was due to failings in data protection procedures and training.
The practice of redacting personal data from planning documents tends to be commonplace amongst local authorities but the council argued that in this case, it was in fact not allowed under planning law. However, the ICO ruled that planning regulations could not override people’s fundamental privacy and data protection rights.
UK media is increasingly covering the topics of data protection and privacy rights as GDPR regulations come into effect. This story highlights the risk organisations of any size and within any industry face – and the importance of taking preventative steps to ensure data security.