ICO fines Islington Council £70,000 after website endangers 89,000 people’s data

Written by Sam Trendall on 20 August 2017 in News
News

Parking ticket review service permitted unauthorised access to citizen data, investigation finds

The Ticket Viewer site allows people who have received a parking ticket to examine footage of their alleged offence  Credit: PA

Islington Council has been fined £70,000 after the Information Commissioner’s Office found that the north London borough’s parking-ticket website failed to adequately secure the personal information of 89,000 citizens.

The council’s Ticket Viewer service allows people who have received parking tickets in the borough to look at images or video pertaining to their alleged offence. In October 2015, a site user discovered that “manipulating the URL” gave them unauthorised access to folders containing personal information, the ICO said.


Related content

ICO flags areas for improvement at Islington

'It's not a choice between privacy or innovation', ICO tells NHS trusts

ICO: Councils need to sharpen up on data protection ahead of GDPR


The oversights that allowed such material – including, in some cases, medical details – to be compromised put the data of 89,000 people at risk. Before the fault was corrected, the council discovered that 119 documents related to 71 people had been accessed without authorisation a cumulative total of 235 times from 36 unique IP addresses. 

An ICO investigation concluded that the Ticket Viewer system ought to have been tested before it went live, and frequently thereafter. The borough’s failure to do so, and the resultant threat to the security of personal information, represented a breach of the Data Protection Act, the ICO said.

“People have a right to expect their personal information is looked after. Islington Council broke the law when it failed to do that,” said Sally Poole, ICO enforcement manager. “Local authorities handle lots of personal information, much of which is sensitive. If that information isn’t kept secure, it can have distressing consequences for all those involved. It’s therefore vital that all council staff take data-protection seriously.”

 

About the author

Sam Trendall is editor of PublicTechnology

Share this page

Tags

Categories

CONTRIBUTIONS FROM READERS

Please login to post a comment or register for a free account.

Related Articles

Drones and the city of the future
15 March 2018

Nesta’s Flying High Challenge is working with five UK cities to explore the use of drones in the delivery of public services. PublicTechnology talks to programme manager Nishita...

NCSC picks IoT, cloud, and cryptojacking among UK plc’s biggest future threats
10 April 2018

Cybersecurity agency issues report looking forward to coming dangers and back at year in which DDoS and ransomware hogged the headlines

Technology must be embedded into frontline policing
13 March 2018

Sarah Timmis of think tank Reform discusses how digital can have a transformational impact for the emergency services

Treasury Committee to examine digital-currency regulation
22 February 2018

‘It is time Whitehall and Westminster understood cryptocurrency better’, committee member declares following period of extreme fluctuations