18.04.18
London council fined £120,000 for personal data breach
The Royal Borough of Kensington and Chelsea has been fined £120,000 for unlawfully sharing the personal details of the owners of vacant properties in the borough.
The data breach came in response to a Freedom of Information (FoI) request from some media outlets who sought to highlight the inequality in the region between those who could afford to leave their properties empty, and the residents of Grenfell Tower, who lived in relative poverty.
Personal information about 943 empty property owners was accidentally shared when a list of empty properties was compiled by copying and pasting the information without removing the underlying personal data.
Consequently, the figures were published on a newspaper’s website along with the names of three high-profile owners.
Although the breach was accidental, the Information Commissioner said that the council failed to take appropriate organisational measures to protect against the unauthorised processing of personal data.
The ICO acknowledged that the local authority was obliged to comply with the FoI, but that “at the time of the security breach, the feeling of social inequality was running high in this wealthy borough. Such disclosure therefore required guidance and oversight.”
The council itself notified the commissioner of the data breach and carried out a full investigation.
The £120,000 fine must be paid in full by 11 May, and if payment is received before that date the amount will reduce by 20% to £96,000.
A spokesperson for the borough said: “It was an error and we apologise. We accept the fine, and we have reviewed our processes to prevent this happening again.”
Top image: hanieriani
Have you got a story to tell? Would you like to become a PSE columnist? If so, click here.