Latest Public Sector News

18.08.17

Authority slapped with £70,000 fine for data protection mishap

A London council has been slapped with a £70,000 fine after it failed to keep up to 89,000 people’s information secure on its parking ticket system website.

Islington Council’s Ticketviewer System allows people to see a CCTV image or video of parking offences they have been accused of. However, due to a design fault, the system mistakenly led to personal data of almost 90,000 people being accessible by other people using the technology. Some of this data included sensitive information such as medical details relating to appeal.

The Information Commissioner’s Office (ICO) has today released its report which said that there had been unauthorised access to 119 documents on the system 235 times from 36 unique IP addresses, affecting a total of 71 people.

“People have a right to expect their personal information is looked after. Islington Council broke the law when it failed to do that,” said Sally Anne Poole, ICO enforcement manager.

“Local authorities handle lots of personal information, much of which is sensitive. If that information isn’t kept secure it can have distressing consequences for all those involved. It’s therefore vital that all council staff take data protection seriously.”

The organisation stated that the council should have made sure to test the system properly prior to it going live and then regularly after that point.

It added that its failure to do so meant that the Borough had not taken appropriate measures to keep personal information secure, leaving it in breach of the Data Protection Act.

A spokesperson for the council repeated its previous apology for the mistake, and added that the council had taken the fine down to £56,000 for prompt payment.

“We remain very sorry about the previous Ticketviewer problem and agree with the ICO that we failed to meet the required data protection standards back in 2015,” they said.

“As soon as we were aware of the problem we took every possible action to prevent a recurrence and instructed auditors to carry out a thorough review so we could learn from our mistake.” 

Today’s news also follows the ICO warning councils that they had a long way to go to ensure data protection practices complied with the incoming General Data Protection Regulation.

It also fined Basildon Borough £150,000 back in June, and Gloucester City £100,000 after a cyber-attack exposed its employees’ information to hackers.

Have you got a story to tell? Would you like to become a PSE columnist? If so, click here

Comments

Surrey Resident   21/08/2017 at 15:31

Not the first time Islington has done this http://www.surreymirror.co.uk/tandridge-chief-officer-scapegoated-legal-team/story-17456749-detail/story

Add your comment

related

public sector executive tv

more videos >

last word

Prevention: Investing for the future

Prevention: Investing for the future

Rob Whiteman, CEO at the Chartered Institute of Public Finance (CIPFA), discusses the benefits of long-term preventative investment. Rising demand, reducing resource – this has been the r more > more last word articles >

public sector focus

View all News

comment

Peter Kyle MP: It’s time to say thank you this Public Service Day

21/06/2019Peter Kyle MP: It’s time to say thank you this Public Service Day

Taking time to say thank you is one of the hidden pillars of a society. Bei... more >
How community-led initiatives can help save the housing shortage

19/06/2019How community-led initiatives can help save the housing shortage

Tom Chance, director at the National Community Land Trust Network, argues t... more >

interviews

Artificial intelligence: the devil is in the data

17/12/2018Artificial intelligence: the devil is in the data

It’s no secret that the public sector and its service providers need ... more >