Council apologises after data protection breach

Stephen Hillier, Cabinet Member for Children ' Start of Life
Stephen Hillier, Cabinet Member for Children ' Start of Life

A COUNCIL data protection breach which saw residents’ private information released following a licensing decision on Wild Life festival has been reported to a regulator.

Adur District Council’s licensing team accidentally sent an email to around 15 residents on Thursday but failed to use the ‘blind carbon copy’ which conceals the identities of the recipients.

The council has reported itself to the Information Commissioner’s Office to make the regulator aware of the issue.

Adur and Worthing councils director for communities John Mitchell said: “This should not have happened - and we are writing to everyone affected to apologise.

“We are also arranging for additional training for the staff concerned to minimise the chance of a similar case of human error happening again.”

The email had been sent following the announcement of the licensing committee’s decision in regards to the review of noise limits at the two-day festival at Shoreham Airport.

Those who had made representations for and against the review, triggered by the Shoreham Society, were understood to be affected.

Shoreham resident Paul Ockenden, who reported the issue, said: “I was initially shocked when I received the email from the council. Not shielding email addresses in a BCC field is a rookie error, and I’d have expected anyone sending bulk emails on behalf of the council to have had relevant training.

“However, after I mentioned the incident on Facebook it was picked up very quickly by Neil Hopkins (head of communications for the councils).”

Mr Ockenden said the council’s swift response ‘turned around an embarrassing incident for the council’ and was an example of how social media could be used to mitigate such errors.

The incident came on the same day as councillors discussed the security of confidential data following the authorities’ digital transformation.

More than £800,000 of funding has been committed to overhauling digital systems, with many of the councils’ internal services such as emails migrated from Microsoft to Google.

While much of this work has been welcomed cross-party, Worthing councillor Nigel Morgan, who runs telecommunications provider 5 Rings, expressed concern.

He said: “While innovation is great, what checks and balances have been made to ensure information security is adhered to and there is no leakage of private information?”

Mr Morgan spoke about Google policy, which could see private information scanned by the multinational company to generate related adverts on a user’s screen.

But a council spokesman assured the Herald that officers were confident Google was not scanning the data for advertising purposes.

He said: “Google for Work does not scan your data or email in Google Apps Services for advertising purposes. Our automated systems scan and index your data to provide you with your services and to protect your data. It is important to note that if the recipient of an email is using Google services, then how the content of that email may be used is out of our control.”