Header image

ICO Reprimands Housing Association Over Data Exposure

Scottish housing association escapes monetary penalty.


Clyde Valley Housing Association in Lanarkshire has been issued a reprimand after personal information was accessible to other residents on an online customer portal.

On the first day that the portal launched in 2022, a resident discovered they could access documents related to anti-social behaviour cases, and also view personal information about other residents, including names, addresses and dates of birth.

According to a notification, a resident alerted Clyde Valley Housing Association to flag the breach, but their concerns were not escalated, and the personal information remained accessible for five days.

The Information Commissioner’s Office conducted an investigation and found that the housing association failed to test the portal appropriately before it went live, and staff were not clear on the procedure to escalate a data breach.


Jenny Brotchie, regional manager for Scotland at the ICO, said: “While new digital products and services can improve the experience for customers, these must not come at the cost of the security of personal information. This breach was the result of a clear oversight by Clyde Valley Housing Association when preparing to launch its new customer portal.

“We expect all organisations to ensure they have appropriate security measures in place when launching new products and have tested them thoroughly with data protection in mind, as well as ensuring staff are appropriately trained. We will take action when people’s personal information is not protected.”   



Dan Raywood
Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

Dan Raywood
Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

Upcoming Events

No events found.