Small Data Protection Glitch Produces Big Financial Loss
When a local council published information in connection with a family's planning application for building works, it failed to think through the consequences of its actions. The result was that it placed sensitive personal data in the public domain.
The data included information about health issues the family face and the names and ages of all the members of the family as well as their location.
Normally, such information would be redacted from the statement before it was made publicly available, but a procedural glitch meant that the council failed to do so, because the pre-publication check was entrusted to an inexperienced technician.
The reaction of the Information Commissioner's Office (ICO) was to fine the council £150,000, with a £30,000 discount being available for prompt settlement if the council does not appeal.
The case shows clearly how seriously such errors are taken by the ICO and the offer of a substantial discount only if there is no appeal against the punishment gives an indication of the sort of tactics that may be expected to be adopted in similar cases.