ICO censures New Forest over data breach

The breach of the Data Protection Act came to light after a New Forest resident complained to the ICO about the problem. The resident said that council staff had published her or his planning application on the website, but had failed to edit out personal details. When the resident complained to New Forest about this, it addressed the issue by removing relevant data. But the resident continued to monitor the website over a number of months and found that the council went on to publish information about other Hampshire residents. The ICO investigated the systems in place at the council and interviewed the staff directly responsible for editing information before publication. It said it was now satisfied that New Forest was taking action to reduce the risk of a similar breach occurring again. Sally-Anne Poole, enforcement group manager at the ICO, said that she welcomed the measures introduced by New Forest DC to tackle the problem. "While we appreciate it is difficult for any organisation to give a 100% guarantee that they will comply with the Act, we expect authorities to put the most effective data protection measures in place and to ensure they are upheld," she said. "We will be monitoring other local authorities to scope compliance in this area on a national level. Any council found to have an unacceptable error rate may be subject to regulatory action."