Spectrum Housing Group cautioned by ICO after data breach

A private housing group based in Dorset has become the latest organisation to be pulled up by the Information Commissioner's Office (ICO) after it accidentally emailed data on 200 employees to the wrong addresses.

The incident occurred when a Spectrum Housing Group employee emailed a spreadsheet containing details on employees including pension contributions to the wrong external email address, according to the ICO.

The company was subsequently found not to have had the required level of data protection policy in place and forced to sign a formal undertaking like countless organisations before them.

"While on this occasion the information compromised was not sensitive, the fact is that at the time of the incident Spectrum Housing Group did not have appropriate controls in place," said ICO acting head of enforcement, Sally Anne Poole.

"This case highlights the need for organisations to make sure that adequate checks are in place and documents suitably protected before they are sent out."

Spectrum's group chief executive, Wayne Morris, has now signed the undertaking, which promises to ensure any documents containing personal data are only emailed where strictly necessary, and where appropriate, password protection and encryption technologies are considered.

Despite the ICO now having the power to fine organisations for severe breaches of the DPA, new cases come to light on an almost daily basis. Just this week, Dumfries and Galloway Council was cautioned after accidentally posting sensitive information on 900 current and former employees on its web site.

It's a situation that has led information commissioner Christopher Graham to call for the ICO to be given the power to conduct compulsory data protection audits of organisations to ensure compliance.