Scottish housing association escapes monetary penalty.
Clyde Valley Housing Association in Lanarkshire has been issued a reprimand after personal information was accessible to other residents on an online customer portal.
On the first day that the portal launched in 2022, a resident discovered they could access documents related to anti-social behaviour cases, and also view personal information about other residents, including names, addresses and dates of birth.
According to a notification, a resident alerted Clyde Valley Housing Association to flag the breach, but their concerns were not escalated, and the personal information remained accessible for five days.
The Information Commissioner’s Office conducted an investigation and found that the housing association failed to test the portal appropriately before it went live, and staff were not clear on the procedure to escalate a data breach.
Jenny Brotchie, regional manager for Scotland at the ICO, said: “While new digital products and services can improve the experience for customers, these must not come at the cost of the security of personal information. This breach was the result of a clear oversight by Clyde Valley Housing Association when preparing to launch its new customer portal.
“We expect all organisations to ensure they have appropriate security measures in place when launching new products and have tested them thoroughly with data protection in mind, as well as ensuring staff are appropriately trained. We will take action when people’s personal information is not protected.”
Dan Raywood is a seasoned B2B journalist with over 20 years of experience, specializing in cybersecurity for the past 15 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes. Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
Dan Raywood is a seasoned B2B journalist with over 20 years of experience, specializing in cybersecurity for the past 15 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes. Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
An error occurred trying to play the stream. Please reload the page and try again.
CloseRegistering with SC Media is 100% free. Join tens of thousands of cybersecurity leaders today and gain access to the latest analysis shaping the global infosec agenda.
