A local authority has breached the Data Protection Act after disclosing personal data on its planning department's website.
The Information Commissioner found New Forest District Council in breach of the Act after receiving a complaint in 2008 from a New Forest resident who put in a planning application to the council.
The Information Commissioner’s Office (ICO) said council staff had failed to appropriately redact personal data from the resident’s planning application before publishing it on the website.
The council addressed the complainant's issue and removed the relevant data. However, the resident continued to monitor the website and reported finding personal data relating to other Hampshire residents over a period of some months.
Following this complaint, said the ICO, the council initially improved its internal redaction procedure and introduced a self monitoring process. However, in July 2010, the ICO established that further personal data was being published on New Forest’s website and contacted the council to address the issue.
The ICO examined the systems in place at the council and interviewed the staff directly responsible for the redaction process. Following this, the ICO was satisfied that the council was taking the steps needed to lessen the risk of a breach occurring again.
The ICO said the council’s chief executive has provided it with a personal commitment to continue to employ measures to ensure compliance with the Data Protection Act.
Sally-Anne Poole, enforcement group manager at the ICO, said, “The ICO welcomes the measures introduced by New Forest District Council to tackle this problem. We expect authorities to put the most effective data protection measures in place and to ensure they are upheld.
“We will be monitoring other local authorities to scope compliance in this area on a national level. Any council found to have an unacceptable error rate may be subject to regulatory action.”
Earlier this year, the ICO found West Berkshire council in breach of the Data Protection Act after the council lost an unprotected USB drive containing personal information on children.