14 DAY TRIAL // The Dumfries and Galloway Council, responsible for the third largest region in Scotland, inadvertently posted on their website, for a period of two months, information belonging to a few hundred of their current and former staff members.
According to The H Security, the whole thing happened as a result of a Freedom of Information (FOI) request. One of the staff members published by mistake a spreadsheet containing names, salaries and dates of birth of 887 citizens.
The Information Commissioner's Office (ICO) learned of the incident, quickly cataloging it as a breach of the Data Protection Act. It looks as the data was online between March 23 and June 1, 2011, until a trade union noticed the mistake and alerted council representatives.
An external audit is being commissioned to verify the procedures utilized for responding to FOI requests and all the weaknesses uncovered during the investigation will be taken care of by the beginning of 2012. Checks will also be deployed to ensure that from now on personal data will ve handled in compliance with the Data Protection Act.
“Being open about council pay is a fundamental way that citizens can hold local authorities to account, but that should never be at the expense of upholding individuals’ privacy rights.
"Procedures clearly went wrong in this case and I’m pleased that the council is reviewing its practices in light of the lessons that have been learned,” revealed Ken Macdonald, Assistant Commissioner for Scotland at the ICO.
FOI requests are proving to be problematic for institutions in the United Kingdom. Just yesterday we learned about the Metropolitan Police publishing personal data of the citizens who make such demands.
If no serious measures will be taken, they risk losing the trust people place in them, since many could fall victim to hacking operations as a result of these unfortunate practices.