Staff details were accidentally released in FOI request.
Southend-on-Sea City council has been given a formal reprimand by the ICO after accidentally releasing 2,000 people's personal information.
Including salary and health information, the details were included within a spreadsheet and contained a list of personal details relating to Council employees and former employees. According to media reports, the details were released accidentally as part of a Freedom of Information request.
Southend-On-Sea City Council were made aware of the data breach in October 2023 - five months after the response to the FOI request was delivered on a public-facing and accessible website.
The Commissioner said there was "no evidence of the hidden data being used" but "the possibility that malicious actors may access and exploit the data remains".
A reprimand notice from the ICO said: "Overall, after reviewing all the evidence provided, this case has shown a failure to comply with data protection legislation by the disclosure of special category data. This is due to the failures in training and awareness of the packages that the Council uses. This has given cause for concern given the large amount of data subjects, and the potential for a significant amount of damage to be caused to the data subjects impacted."
Written by
Dan Raywood
Senior Editor
SC Media UK
Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.
Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
