The residents of Middleton have been apoplectic this week after Milton Keynes Council accidently published the results of a residents’ survey on its website, including the addresses and phone numbers of 50 of the respondents. The data breach occurred last week and lasted for 18 hours before the error was noticed and removed.
The survey was designed to determine public opinion on a controversial park in Southside Lane, Middleton after there had been numerous complaints concerning anti-social behaviour. One resident, Dr. Bob Ranger, who has been a vociferous critic against the play park, believes that his address and contact details being made available online may even have led to recent vandalism of his car. Dr Ranger said:
“They published the contact details and other sensitive personal information of about 50 persons who have filled out a residents’ questionnaire and then submitted it to the council. It was put on the council website for 18 hours.”
“Anybody could have seen all those details in the time they were online. Nobody will accept responsibility or offer a genuine apology. We got a press statement written by the council’s PR department that is supposed to count as an apology but adds insult to injury and inflames a delicate situation even more.”
David Hill, chief executive of the council, said:
“The council has apologised for publishing personal data provided by the residents on the website, with all the background information. Although not strictly required by the Information Commissioner’s Office guidelines, we have notified a breach of the data protection legislation to the ICO and launched a data protection investigation.”
This kind of basic mistake which seems to occur so often in local councils indicates both a lack of understanding of data protection and technology as well as a lackadaisical approach to the privacy of local people. The Information Commission should investigate this case and punish those responsible.
As Big Brother Watch has mentioned before, if the ICO continues to refuse to hand out punitive financial punishments for data protection breaches then they will keep occurring. Simple asking public bodies to sign undertakings to improve staff training will not solve these problems.
It is breaches like this that demonstrate over and over again that giving data to eg government bodies puts people's personal data at high risk. These people trusted the Council with their personal data and this is the result. And they wonder why we are becoming so protective of our data and many of us no longer are prepared to give our personal data or do surveys that require personal data.
There needs to be a huge education programme about data protection for individuals and organisations and companies etc. People are still asked to produce photo ID as if it is a legal requirement in this country even although the ID card project was binned (I am referring to British or EU citizens here). When will those who ask for this realise that British citizens do not necessarily have photo ID. Where someone produces photo ID what happens to it and why do they want it - try asking the person who asks you for photo ID next time - the responses are often quite enlightening - they don't know why. This goes against the principles of the data protection act - they should be able to tell you why they want the data and what they intend to use it for.
Posted by: data! | 19/05/2011 at 01:54 PM
That was my thought,too.
Posted by: mbt sale | 20/06/2011 at 02:52 PM