ICO fines Islington Council £70,000 after website endangers 89,000 people’s data

Written by Sam Trendall on 20 August 2017 in News

Parking ticket review service permitted unauthorised access to citizen data, investigation finds

The Ticket Viewer site allows people who have received a parking ticket to examine footage of their alleged offence  Credit: PA

Islington Council has been fined £70,000 after the Information Commissioner’s Office found that the north London borough’s parking-ticket website failed to adequately secure the personal information of 89,000 citizens.

The council’s Ticket Viewer service allows people who have received parking tickets in the borough to look at images or video pertaining to their alleged offence. In October 2015, a site user discovered that “manipulating the URL” gave them unauthorised access to folders containing personal information, the ICO said.

Related content

ICO flags areas for improvement at Islington

'It's not a choice between privacy or innovation', ICO tells NHS trusts

ICO: Councils need to sharpen up on data protection ahead of GDPR

The oversights that allowed such material – including, in some cases, medical details – to be compromised put the data of 89,000 people at risk. Before the fault was corrected, the council discovered that 119 documents related to 71 people had been accessed without authorisation a cumulative total of 235 times from 36 unique IP addresses. 

An ICO investigation concluded that the Ticket Viewer system ought to have been tested before it went live, and frequently thereafter. The borough’s failure to do so, and the resultant threat to the security of personal information, represented a breach of the Data Protection Act, the ICO said.

“People have a right to expect their personal information is looked after. Islington Council broke the law when it failed to do that,” said Sally Poole, ICO enforcement manager. “Local authorities handle lots of personal information, much of which is sensitive. If that information isn’t kept secure, it can have distressing consequences for all those involved. It’s therefore vital that all council staff take data-protection seriously.”


About the author

Sam Trendall is editor of PublicTechnology

Share this page



Add new comment

Related Articles

Regulator urges government to mandate NHS compliance with surveillance camera code
17 January 2018

Commissioner Tony Porter tells PublicTechnology about continued efforts to get the Home Office to recognise the need for a surveillance camera code of practice that applies to NHS and...

Government urges police to transform ‘for the digital age’
18 January 2018

Policing minister pledges that Home Office will help forces invest in technology initiatives that enable officers to spend more time on the front line

GDS offers £118k in search for leader of newly created digital Brexit team
16 January 2018

Organisation building centralised team to help Whitehall manage the digital implications of leaving the EU while maintaining longer-term transformation goals