Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.
The Information Commissioner’s Office (ICO) has found that the London Borough of Islington is liable for breaching data protection duties through their reported failure to keep 89,000 people’s personal data safe on an online parking ticketing database.
Information including sensitive health details, disabilities and financial details were reportedly not properly secured.
Islington Council uses a ‘Ticket Viewer’ system to allow members of the public to review CCTV images or videos of the parking offence so they may check any tickets issued, and it is this system that is at the centre of the breach.
Using the system, individuals can also send in supporting evidence like medical records to appeal issued tickets. The council also kept information received from the Traffic Enforcement Centre in the recovery of issued fines; for example, bankruptcies.
Unfortunately due to design faults, the system was not properly secured and reportedly put 89,000 people’s information at risk. A member of the public was using the service when they discovered the design flaw that allowed them to access other people’s ticketing information and other related data.
By manipulating the URL, an individual could look though information belonging to other parking offenders. According to the ICO, this was then disclosed to Islington Council who investigated the situation and found that “119 documents on the system” were accessed without authorisation “235 times from 39 unique IP addresses.”
Without a system in place to detect unauthorised access, 71 people were affected by the breaches.
ICO enforcement manager Sally Anne Poole criticised the council for putting so many people at risk:
“People have a right to expect their personal information is looked after. Islington Council broke the law when it failed to do that… Local authorities handle lots of personal information, much of which is sensitive. If that information isn’t kept secure it can have distressing consequences for all those involved. It’s therefore vital that all council staff take data protection seriously.”
Islington Council should have tested the system to make sure it was secure before opening it for public use. Even after releasing it, the council could have made systematic checks to ensure that its cybersecurity was in shape.
The council could not provide a reasonable explanation for the lack of cybersecurity implemented. Due to their failures, they breached data protection rules and the ICO therefore issued a fine of £70,000.
Ignorance and oversight is not a defence when it comes to data protection.
Things are not looking good for public authorities according to a recent study conducted by the ICO. The government survey found that many authorities were not ready for the new General Data Protection Regulation that will be implemented in May 2018.
The study found that over 15% of councils don’t provide any data protection training for staff that have access to personal data, and a third of councils don’t conduct privacy impact assessments to see how an individual could be harmed if a data breach occurred.
From May 2018 onwards, the GDPR requires that all local councils appoint a data protection officer to make sure the council is complying with the new data protection rules. Hopefully, the new changes backed by new and increased sanctions will see a massive surge in secure cybersecurity.
The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.
EasyJet admits data of nine million hacked
British Airways data breach: How to claim up to £6,000 compensation
Are you owed £5,000 for the Virgin Media data breach?
Virgin Media faces £4.5 BILLION in compensation payouts
BA customers given final deadline to claim compensation for data breach
Shoppers slam Morrisons after loyalty points stolen
Half a million customers can sue BA over huge data breach
Lawyers accuse BA of 'swerving responsibility' for data breach
The biggest data breaches of 2020
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.