A security specialist firm has said members of the public have the right to know if their information has been breached following the Sutton Council data bungle.

People who received payments of more than £500 in May and June this year, for things including disability and fostering allowances, had their names and payment amounts listed on the council’s website.

Sutton Council has since redacted people’s names.

Sutton Guardian asked James Walker, Co-Owner of security specialist firm Blackfoot UK, whether the council should notify members of the public who had their data breached.

Mr Walker said: “That’s a really good question. It’s in the public domain. They should talk to the Information Commissioner directly.

“I would be inclined to say they should let these people know that this has happened and give some guidance and help in terms of being vigilant of any follow-up activity. It is easier said than done.”

Last week (July 21) Sutton Guardian spoke to a victim of the data breach, Emily Brothers.

She said: “It makes me vulnerable, it makes me wonder what will come out next.”

Mr Walker believes the vulnerability of victims is misunderstood.

He said: “I think it’s really interesting that we see these breaches whether it’s malicious or accidental because they are happening weekly. But the bit people are failing to comprehend is the actual impact on the individual.”

According to the co-owner of Blackfoot, the upcoming General Data Protection Regulation (GDPR) legislation will provide more protection.

“Incoming data protection laws (European GDPR) are absolutely focused on the rights of the individual and organisations need to understand the sensitivity of the data they hold on people.”

What advice would Mr Walker have for Sutton Council?

He said: “If the data was not that sensitive they don’t need to worry too much but my suspicion is that the data is quite sensitive so they need to review their policy and technology and come up with a solution.”

Since the data breach was reported, the borough’s council has apologised.

They are currently reviewing Information Commissioner’s Office (ICO) guidance to decide whether to inform victims of the data breach.

A spokesperson said: “We are analysing the information that was incorrectly released to establish the number of individuals affected. We will have regard to ICO guidance in deciding whether to notify individuals whose name has been released.

“This includes taking account of the risk of harm (including physical, financial or reputational) to those individuals. The Council has notified the ICO of the breach and we have taken steps to ensure that this does not recur.”