Local Planning Authority Fined £150,000 for Data Protection Breaches
Uploading information to the Internet takes seconds and mistakes are easily made, but the consequences of publishing private data online can be severe. In one case, a local planning authority was fined £150,000 after it posted personal information about a family of travellers on its website.
A statement had been submitted to the authority that contained sensitive personal data about the family in the context of a planning application in the Green Belt. The statement referred to the family’s disability requirements, including mental health issues. Names, ages and the location of the site where they lived were also given. The authority was required to place planning applications on its website for public consultation purposes and, after the matter was put in the hands of an inexperienced employee, the statement was uploaded in unredacted form.
The Information Commissioner’s Office found that what happened amounted to a serious breach of the Data Protection Act 1998. Although it was not deliberate, it had resulted from serious oversight and the inadequacy of the systems that the authority had in place to guard against such breaches. The information could have been accessed by hostile third parties and the authority ought reasonably to have known there was a risk of a contravention that would be likely to cause harm or distress. In those circumstances, a substantial monetary penalty was justified.