The Information Commissioner’s Office (ICO) notes that an Undertaking has been signed by the Royal Borough of Windsor & Maidenhead, following an incident in which restricted information about 257 employees was disclosed on its intranet in error.
The incident occurred in January of 2013 when a spreadsheet with details on employees who had not signed a new employment contract was appended to a document posted in the general access area of their intranet instead of in the restricted area. Although no sensitive information was involved, investigation into the incident revealed that not all employees with access to personal information had undergone training in data protection and information security and the policies in place were incomplete.
You can read the undertaking here (pdf).