The Information Commissioner’s Office (ICO) has fined Islington Council £70,000 after details of over 2,000 residents were released online due to a basic misuse of Excel.
The council published data on 2,375 residents in the form of spread sheets that contained data such as their health records, if they were a victim of domestic abuse or had special housing needs. This was then hosted online on the What Do They Know? website, visible to anyone.
The data was online for almost three weeks between late June and mid-July, and was only removed when an administrator for the website spotted the issue.
The ICO was then informed and it discovered the council had actually been informed of the issue when the first spreadsheet was uploaded, but failed to act, meaning a further two went live with the same issue. It said a basic misunderstanding of pivot tables within Excel caused the problem.
ICO head of enforcement, Stephen Eckersley, said the fine underlined the importance of good, basic IT training for staff handling sensitive data.
"This mistake not only placed sensitive personal information relating to residents at risk, but also the highlighted the lack of training and expertise within the council," he said.
"Councils are trusted with sensitive personal information, and residents are right to expect it to be handled in a proper way. Unfortunately, in this case that did not happen, and Islington Council must now explain to residents how it will stop these mistakes being repeated."
Islington Council said it accepted the fine from the ICO and had apologised to residents who were affected.
"We remain extremely sorry for the upset and worry this disclosure may have caused to some people. The council carried out a thorough investigation when this disclosure came to light, and we have since put in place more rigorous checks,” a spokesman said.
"The person who released the data did not have sufficient knowledge of spreadsheets to recognise the error or to put it right. All of our employees who are tasked with responding to FOI requests have now had additional training with an emphasis on how to prepare information for public release."
The council said it will pay the fine promptly to reduce the cost to £56,000 by taking advantage of a 20 percent early payment cut offered by the ICO.
Facebook database included text-message metadata - despite not using Facebook Messenger for SMS
Successful attack could result in harm to patients and financial loss, warns NHS governing body