Isle of Anglesey council hit by ICO data breach rap

The Isle of Anglesey County Council has become the latest local authority to feel the wrath of data protection watchdog the Information Commissioner's Office (ICO) after sending benefit details to the wrong recipients, although it managed to escape a fine.

The ICO said that it was first made aware of the breach in November 2010, when the council reported that a contractor had mistakenly sent letters containing information on benefit entitlement, income and savings to the wrong people.

It was subsequently discovered that the council had no contract in place with the service provider to explain how personal data should have been handled.

"An individual's financial information, including details of their savings and benefits claims, is some of their most personal information," said Anne Jones, assistant ICO commissioner for Wales.

"Therefore, this data loss would have been worrying and potentially embarrassing for those involved. People should be able to trust that organisations will keep their information secure."

The council has signed a formal undertaking to ensure that the processing of personal data carried out on behalf of the council is performed under a written contract, and that any contractor will act only on instruction from the council.

Isle of Anglesey Council will be relieved that it was not fined by the ICO. The watchdog has been doling out financial penalties to erring public and private sector firms with increasing regularity in recent months.

Earlier this month, Ealing Council was fined £80,000 after losing the details of almost 1,000 clients, while Hounslow Council was fined £70,000 after losing the details of 700 clients.