New Forest District Council breached the Data Protection Act by publishing the personal data of planning applicants on their website, the Information Commissioner said today.
The Information Commissioner’s Office (ICO) received a complaint from a New Forest resident in 2008, after council staff failed to appropriately redact personal data from the resident’s planning application before publication on their website.
The council initially addressed the issue and removed the relevant data. However, the resident continued to monitor the website and reported finding personal data relating to other Hampshire residents over a period of some months.
Following this complaint, the council initially improved their internal redaction procedure and introduced a self monitoring process. However, in July 2010, the ICO established that further personal data was being published on New Forest’s website and contacted the council to address the issue.
The ICO examined the systems in place at the council and interviewed the staff directly responsible for the redaction process. Following this, the ICO was satisfied that the Council were taking the steps needed to lessen the risk of a breach occurring again.
The Council’s Chief Executive, David Yates, has provided the ICO with a personal commitment to continue to employ such measures to ensure maximum compliance with the Data Protection Act.
Sally-Anne Poole, Enforcement Group Manager at the ICO, said:
“The ICO welcomes the measures introduced by New Forest District Council to tackle this problem. While we appreciate it is difficult for any organisation to give a 100% guarantee that they will comply with the Act, we expect authorities to put the most effective data protection measures in place and to ensure they are upheld.
“We will be monitoring other local authorities to scope compliance in this area on a national level. Any council found to have an unacceptable error rate may be subject to regulatory action.”
Source: Information Commissioner’s Office