The recent East Lindsey Council data breach was another example of a totally avoidable incident that resulted in sensitive information being exposed.
Our lawyers are often representing victims for council data breach cases. This includes for claims against local authority agencies and outsourced third-parties as well.
Public sector breaches can be common, and council data breaches are amongst the most frequent we see. As is the case with the East Lindsey Council data breach, many of the incidents are totally avoidable. Many stem from simple errors that can have costly consequences.
About the East Lindsey Council data breach
The East Lindsey Council data breach has resulted in the personal and sensitive information for job applicants being exposed online.
It appears that a confidential document – titled ‘Confidential shortlist pack’ – was accidentally published online. This was related to the council’s search for a new chief executive.
Aside from the fact that this kind of data should not be exposed at all, the name of the document is clear. This confidential list of information about job applicants was never meant to end up in the public domain, yet it did.
What information was exposed in the East Lindsey Council data breach?
Information exposed in the East Lindsey Council data breach included job applicants’:
- Personal information;
- Current salaries;
- Expected salaries;
- Strengths and weaknesses
- Suitability for the role;
- Specific candidate feedback, one of which reportedly read “unstructured and incomplete responses”.
Candidates were also said to have been ranked in the document as well.
How did the East Lindsey Council data breach happen?
It appears that the East Lindsey Council data breach simply boils down to an accidental upload of confidential information.
The council said that the cause was an officer “not ticking a box on a computer screen”.
Clearly, such data should not be allowed to be exposed simply because of a single tick box on a screen.
In a statement, the authority said: “It was a genuine error and we have urgently notified all candidates of what has happened and reported the incident to the Information Commissioner”.
The incident may warrant a GDPR fine.
They also said that they are looking to ensure that “such a mistake isn’t made in the future”. They have admitted that the mistake was “clearly unacceptable”.
What can you do as a victim of an East Lindsey Council data breach?
If you have been affected by an East Lindsey Council data breach – or any other form of data breach – we can help you.
Victims of a data breach can be eligible to make a claim for data breach compensation.
For more information, please contact our specialist team.
IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.
Request a call back from our team
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.
First published by Matthew on November 29, 2018
Posted in the following categories: Claims Council Security Technology and tagged with compensation | council | council data breaches | data controllers | data leak | online security | personal data