Council Fined by ICO Over Publication of Sensitive Personal
Data in Online Planning
The ICO issued a £150,000 fine to Basildon Borough Council for
publishing on its online planning portal a statement in support of a
householder’s planning application for proposed works in a green
belt. The statement contained sensitive personal data such as the
family’s disability requirements, including mental health issues,
the names of all the family members, their ages and the location of
their home. The ICO’s investigation found that the statement was
published without redacting any personal data on 16 July 2015 and
was only removed on 4 September 2015. An inexperienced council
officer had not noticed the sensitive information and no other officer
had checked the statement for personal data before publishing it.
The ICO found that Basildon Borough Council had breached the Data
Protection Act 1998 for failing to provide training and to put data
protection procedures in place.