London Borough of Islington fined £79,000 for security flaw that may have compromised personal data belonging to 89,000 people
data protection

Data Leak Lawyers - Begin Your Data Breach Claim Today!

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

London Borough of Islington fined £79,000 for security flaw that may have compromised personal data belonging to 89,000 people

The Information Commissioner’s Office (ICO) has found that the London Borough of Islington is liable for breaching data protection duties through their reported failure to keep 89,000 people’s personal data safe on an online parking ticketing database.

Information including sensitive health details, disabilities and financial details were reportedly not properly secured.

Islington Council uses a ‘Ticket Viewer’ system to allow members of the public to review CCTV images or videos of the parking offence so they may check any tickets issued, and it is this system that is at the centre of the breach.

Public discovery of the breach

Using the system, individuals can also send in supporting evidence like medical records to appeal issued tickets. The council also kept information received from the Traffic Enforcement Centre in the recovery of issued fines; for example, bankruptcies.

Unfortunately due to design faults, the system was not properly secured and reportedly put 89,000 people’s information at risk. A member of the public was using the service when they discovered the design flaw that allowed them to access other people’s ticketing information and other related data.

About the flaw

By manipulating the URL, an individual could look though information belonging to other parking offenders. According to the ICO, this was then disclosed to Islington Council who investigated the situation and found that “119 documents on the system” were accessed without authorisation “235 times from 39 unique IP addresses.”

Without a system in place to detect unauthorised access, 71 people were affected by the breaches.

Council criticised

ICO enforcement manager Sally Anne Poole criticised the council for putting so many people at risk:

“People have a right to expect their personal information is looked after. Islington Council broke the law when it failed to do that… Local authorities handle lots of personal information, much of which is sensitive. If that information isn’t kept secure it can have distressing consequences for all those involved. It’s therefore vital that all council staff take data protection seriously.”

Islington Council should have tested the system to make sure it was secure before opening it for public use. Even after releasing it, the council could have made systematic checks to ensure that its cybersecurity was in shape.

The council could not provide a reasonable explanation for the lack of cybersecurity implemented.  Due to their failures, they breached data protection rules and the ICO therefore issued a fine of £70,000.

Ignorance and oversight is not a defence when it comes to data protection.

Public authorities remain in the data breach limelight

Things are not looking good for public authorities according to a recent study conducted by the ICO. The government survey found that many authorities were not ready for the new General Data Protection Regulation that will be implemented in May 2018.

The study found that over 15% of councils don’t provide any data protection training for staff that have access to personal data, and a third of councils don’t conduct privacy impact assessments to see how an individual could be harmed if a data breach occurred.

From May 2018 onwards, the GDPR requires that all local councils appoint a data protection officer to make sure the council is complying with the new data protection rules. Hopefully, the new changes backed by new and increased sanctions will see a massive surge in secure cybersecurity.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy
Contact is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon