From the Information Commissioner’s Office:
Dumfries and Galloway Council breached the Data Protection Act by accidentally publishing a spreadsheet containing the names, salaries and dates of birth of nearly 900 current and former employees on their website, the Information Commissioner’s Office (ICO) said today.
The personal information – which was mistakenly disclosed as part of a response to a Freedom of Information Act (Scotland) response – was available online for over two months, between 23 March and 1 June 2011. It was removed after the council received a complaint from a trade union. The ICO also received a number of complaints from affected individuals.
The council commissioned an external audit of its procedures for responding to information requests and has said it will address any procedural weaknesses uncovered during the audit by January 2012. The council will also introduce appropriate checks to ensure that personal data is handled in compliance with the Data Protection Act.
Ken Macdonald, Assistant Commissioner for Scotland at the ICO said:
“Being open about council pay is a fundamental way that citizens can hold local authorities to account, but that should never be at the expense of upholding individuals’ privacy rights. Procedures clearly went wrong in this case and I’m pleased that the council is reviewing its practices in light of the lessons that have been learned.”