BreachExchange mailing list archives
Council fined 70K by ICO over spreadsheet data breach
From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Tue, 10 Sep 2013 13:24:25 -0400
http://www.publictechnology.net/news/council-fined-70k-ico-over-spreadsheet-data-breach/37951 The Information Commissioner’s Office (ICO) has imposed a £70,000 penalty charge on Islington Council for a serious breach of data protection laws. The details of 2,375 residents were accidentally released online in response to a freedom of information request made on the What Do They Know website. Three spreadsheets relating to the local authority’s Housing Performance Team were released, but without redacting personal data relating to the housing needs of those who had applied for council housing. The ICO found that the council had failed to correct the problem after it was notified about it on the release of the first spreadsheet. The oversight was a result of a lack of understanding of how pivot tables functioned in spreadsheets, leading to the council being unable to locate the offending data in the released documents. The personal data was hidden from view but was still easily accessible. An administrator in the hosting website identified the error, removed the material, and reported the incident to the ICO. Stephen Eckersley, the ICO’s head of enforcement, said the error reflected badly on the local authority: “This mistake not only placed sensitive personal information relating to residents at risk, but also highlighted the lack of training and expertise in the council. _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security offers security intelligence, risk management services and customized security solutions. The YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.
Current thread:
- Council fined 70K by ICO over spreadsheet data breach Jake Kouns (Sep 10)