West Sussex council launches investigation after publishing vulnerable citizens’ details online
Local authority disclosed names 1,400 of disabled people and their carers in now-removed spending data spreadsheet
The council claims it removed the information '29 hours' after being alerted Credit: West Sussex County Council
West Sussex County Council (WSCC) has launched an investigation after wrongly publishing online the details of about 1,400 disabled people and carers.
The names were featured in a spreadsheet that was published as part of the council’s practice of disclosing all instances spending over £100. To help protect the identities of vulnerable citizens and those that care for them, their names should have been removed from these documents prior to publication.
However, according to the BBC, this redaction has been performed erratically since 2010, when the council first published spending data in this way. Last month data scientist Andrew Rowson alerted the council to the wrongly published details.
The council said: “As soon as the problem was reported to us, we removed the spreadsheet from the website in under 29 hours.
WSCC said that individuals’ names represented the only personal information contained in the spreadsheets. But the authority admitted additional checks could have allowed some of the people affected to be identified by anyone seeking to do so.
- “Unacceptable & inexcusable”: council hit with £70k fine for leaving vulnerable people's info wide open
- ICO fines Islington Council £70,000 after website endangers 89,000 people’s data
- Probe launched into leak of more than 500 junior doctors' personal details
“Although the spreadsheet contained transaction numbers and payment amounts, the only personal details recorded were names,” the council said. “We would like to reassure residents that the spreadsheet did not contain any sensitive personal data which would put individuals at risk, in the event that identification through data matching with alternative sources was carried out.”
It added: “We accept that persons seeking to identify individuals could do so in some cases by making additional checks through other data sources. It is for that reason we removed the data.”
The council added that it is undertaking an investigation into the rest of its published spending information, and will work with the Information Commissioner’s Office in doing so.
“As a local authority, we are required to publish all expenditure data,” it said. “Our investigation is continuing and we will be carrying out further analysis of the data during this time closely following the guidance issued by the Information Commissioner's Office.”
The not-for-profit fraud-prevention body Cifas offers local authorities a free service to protect vulnerable people from fraud. The Protective Registration for the Vulnerable offering imposes additional checks and monitoring on all applications for financial services made in the name of those considered at risk.
Body pledges new structure will be ‘fair’, with detailed information likely before the end of 2017
Council deploys hosted IAM in three-year six-figure deal with local IT company
Victoria Cetinkaya of the Information Commissioner’s Office gives the organisation's top tips for government tech and data chiefs to ensure they are ready for new regulation next year
Methods including intercepting phone calls and bulk data collection to fall under the expanded remit of IPCO
Kirona explains what field service is and why public sector organisations need to implement an effective field service management solution