East Lindsey Council data breach

The recent East Lindsey Council data breach was another example of a totally avoidable incident that resulted in sensitive information being exposed.

Our lawyers are often representing victims for council data breach cases. This includes for claims against local authority agencies and outsourced third-parties as well.

Public sector breaches can be common, and council data breaches are amongst the most frequent we see. As is the case with the East Lindsey Council data breach, many of the incidents are totally avoidable. Many stem from simple errors that can have costly consequences.

About the East Lindsey Council data breach

The East Lindsey Council data breach has resulted in the personal and sensitive information for job applicants being exposed online.

It appears that a confidential document – titled ‘Confidential shortlist pack’ – was accidentally published online. This was related to the council’s search for a new chief executive.

Aside from the fact that this kind of data should not be exposed at all, the name of the document is clear. This confidential list of information about job applicants was never meant to end up in the public domain, yet it did.

What information was exposed in the East Lindsey Council data breach?

Information exposed in the East Lindsey Council data breach included job applicants’:

Personal information;
Current salaries;
Expected salaries;
Strengths and weaknesses
Suitability for the role;
Specific candidate feedback, one of which reportedly read “unstructured and incomplete responses”.

Candidates were also said to have been ranked in the document as well.

How did the East Lindsey Council data breach happen?

It appears that the East Lindsey Council data breach simply boils down to an accidental upload of confidential information.

The council said that the cause was an officer “not ticking a box on a computer screen”.

Clearly, such data should not be allowed to be exposed simply because of a single tick box on a screen.

In a statement, the authority said: “It was a genuine error and we have urgently notified all candidates of what has happened and reported the incident to the Information Commissioner”.

The incident may warrant a GDPR fine.

They also said that they are looking to ensure that “such a mistake isn’t made in the future”. They have admitted that the mistake was “clearly unacceptable”.

What can you do as a victim of an East Lindsey Council data breach?

If you have been affected by an East Lindsey Council data breach – or any other form of data breach – we can help you.

Victims of a data breach can be eligible to make a claim for data breach compensation.

For more information, please contact our specialist team.

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.

Create A Call Back

Information on how we handle your data is available in our Privacy Policy.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.