BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Council fined 70K by ICO over spreadsheet data breach

From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Tue, 10 Sep 2013 13:24:25 -0400
http://www.publictechnology.net/news/council-fined-70k-ico-over-spreadsheet-data-breach/37951

The Information Commissioner’s Office (ICO) has imposed a £70,000
penalty charge on Islington Council for a serious breach of data
protection laws.

The details of 2,375 residents were accidentally released online in
response to a freedom of information request made on the What Do They
Know website.

Three spreadsheets relating to the local authority’s Housing
Performance Team were released, but without redacting personal data
relating to the housing needs of those who had applied for council
housing.

The ICO found that the council had failed to correct the problem after
it was notified about it on the release of the first spreadsheet.

The oversight was a result of a lack of understanding of how pivot
tables functioned in spreadsheets, leading to the council being unable
to locate the offending data in the released documents.

The personal data was hidden from view but was still easily accessible.

An administrator in the hosting website identified the error, removed
the material, and reported the incident to the ICO.

Stephen Eckersley, the ICO’s head of enforcement, said the error
reflected badly on the local authority: “This mistake not only placed
sensitive personal information relating to residents at risk, but also
highlighted the lack of training and expertise in the council.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.
Previous By Date Next
Previous By Thread Next

Current thread: