Dumfries & Galloway Council put personal details for 900 staff members on a website
Dumfries and Galloway council has been criticised by the Information Commissioner’s Office (ICO) for inadvertently posting sensitive information about 900 current and former employees on its website.
The council accidentally uploaded details such as names, salaries and dates of birth as part of a Freedom of Information response. The information was accessible between March and June of this year and the mistake was only rectified when the council was alerted by some of the individuals affected.
Transparency should not compromise privacy
Assistant commissioner for Scotland at the ICO, Ken Macdonald said that although transparency of council salaries was a fundamental way of holding local authorities to account, it should not be at the expense of an individual’s privacy rights.
The council has since commissioned an external audit of procedures for responding to information requests and says it will address any weaknesses uncovered in the investigation by January 2012. It has also vowed to ensure that its data handling procedures comply with the data Protection Act.
Macdonald commended these actions, commenting, “Procedures clearly went wrong in this case and I’m pleased that the council is reviewing its practices in light of the lessons that have been learned.”
Dumfries and Galloway is not the first council this year to incur the wrath of the ICO, the UK’s independent authority on data privacy and information rights.
In June, Surrey County Council was fined £120,000 for disclosing individuals’ personal data on three separate occasions. Information about individuals was accidentally sent to taxi firms, published in a council newsletter and sent to incorrect internal e-mail addresses between May 2010 and January 2011.