Sutton Council has apologised after it "inadvertently" published names of members of the public who have received benefit payments.
Those who received payments in May and June this year for disability, adoption, fostering allowances, day care respite and special needs education that totalled over £500 had their names and payments listed on Sutton Council’s website.
Sutton Guardian understands that the Information Commissioner’s Office (ICO) is investigating the possible breach.
Names of recipients of such payments have since been redacted by Sutton Council.
However, the council previously published a spreadsheet for May and June this year that included columns showing hundreds of recipients names and the payment amounts they received.
A source, who did not wish to be named, told Sutton Guardian: “The May and June data files were blocked and made unreadable on the council’s website at about 11am today (Monday 17 July), but were reposted a couple of hours later in their fully redacted format.
“The previous un-redacted May data file had been online since June 6 and the June data was published on July 14.”
Leader of Sutton Conservatives, councillor Tim Crowley, told Sutton Guardian: “It is a very concerning development. Although I am sure this is a mistake rather than deliberate the Data Protection Act is in place to protect most of the individuals who have been identified by this leak. They are in the main the most vulnerable members of the community and publishing this data could lead to those individuals being made to feel even more vulnerable and exposed.
“Today I will be calling on the CEO of Sutton Niall Bolger to launch an immediate inquiry into how this occurred and to put in place controls and processes that ensure that such a breach cannot happen again. I gather the ICO have been informed and they too will be launching an investigation into this leak of personal and private data.”
As written on the ICO website, The Data Protection Act states: “Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.”
A Sutton Council spokesman said: "Sutton Council was made aware of a potential data breach involving the inadvertent publication of the names of individuals in receipt of payments from the Council. No other personal information has been released.
"We immediately removed the data in question upon discovering this breach. As part of our agreed internal policies we are carrying out an investigation and are in contact with the Information Commissioner's Office (ICO).
"We will of course do everything we can to help the ICO should they wish to make further enquiries. We are sorry this has happened and want to reassure residents we take matters such as these seriously. We are reviewing our processes to take all steps necessary to avoid any instance such as this happening again.”
Basildon Borough Council was fined this year for breaching The Data Protection Act after publishing sensitive personal information about a family.
They were fined £150,000 by the ICO after publicising the names of the family, their ages, location of their home, their disability requirements and mental health issues.
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules hereLast Updated:
Report this comment Cancel