Legal help for data breach compensation claims

Kensington and Chelsea council fined £120,000 for indeliberate data breach

Start Your Claim Today!

Your privacy is extremely important to us. Read how we handle your data in our Privacy Policy

The Royal Borough of Kensington and Chelsea council has been fined £120,000 for an indeliberate data breach because the personal details of empty property owners in their constituency was published, contrary to data protection laws.

The Information Commissioner’s Office (ICO) has called it a “serious contravention” which has led to the huge fine being issued of £120,000.

According to the ICO reports, a Freedom of Information (FOI) request had been made in relation to the Grenfell Tower incident as part of research into social inequality, and it was this request that led to the accidental disclosure.

The names and addresses of 943 owners of empty properties in the Kensington and Chelsea council area was sent to the FOI applicant by mistake. The statistics requested were apparently not easily available which led to the council respondents confirming the information by checking the names against addresses. It is believed that the intention from the council was never to disclose the actual list, and the ICO recognises this as an indeliberate data breach.

As a result of the council data breach, the list was subsequently published in the media.

Another major council data breach caused by a simple mistake

This latest data breach is another example of a simple breach caused by a council that can have massive repercussions for the people whose data is disclosed. Irrelevant of the nature of the data in this particular case, which has understandably become a topic of debate over whether such data should be available anyway, the issue here is that massive council data breaches often happen because of small errors.

As we have seen in this breach, the simple act of accidentally failing to remove data used to respond to the FOI request led to the data being unlawfully disclosed. There are many ways this could have been prevented, from separating the data research to the data disclosure, to the simple act of double-checking the information the council is about to release.

Council data breach risks

Councils and the local authority agencies they often outsource work to remain one of the biggest culprits of data protection breaches, and given the vast quantities and depth of the data they usually hold, council data breaches can be severe. It’s clear that councils must do more to ensure the data they hold is safe, and the data they disclose is correct.

We advise and represent a lot of people for council data breaches. If you have been affected by a council data breach, we may be able to help make a No Win, No Fee claim, subject to the nature of how the breach occurred and what information has been disclosed.

IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.

Request a call back from our team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy.
You have the right to object to the processing of your personal data.

First published by Matthew on April 23, 2018
Posted in the following categories: Council ICO and tagged with | | |


A data breach at the University of Surrey Sports Park hits 90,000 staff and students
Uber data breach was a lesson in how NOT to handle a cyberattack
%d bloggers like this: