In 2011, the Information Commissioner’s Office had the Wolverhampton council sign an undertaking to improve data protection. In 2014, the ICO ordered the council to improve data protection.
And now in July, 2016, we read this:
A report from the Information Commissioner’s Office said payroll information relating to 9,858 workers had been disclosed to a ‘third party’ by the authority because of an email ‘oversight’.
Employees at 73 ‘educational establishments’ were affected by the bungle, which the commissioner’s office said occurred in November last year. Wolverhampton council has not said whether the data relates to the city’s teachers and school staff. The council has also not said if those affected have been informed of the leak.
And all the ICO has to say is
“The commissioner is satisfied that the terms of the [2014] enforcement notice were met. However, the commissioner remains concerned at the data controller’s failure to establish an effective mechanism to monitor and implement refresher training.”
This is just…. lame.