West Sussex County Council apologises for data breach in inviting business owners to cybersecurity event

West Sussex County Council has apologised to numerous business owners for an ironic data breach that occurred in the process of inviting them to a cybersecurity event.

Located in Chichester, the Council sent an invite to some 200 individuals’ email addresses but used the wrong ‘blind carbon copy’ option, revealing the recipients’ email addresses to each other.

It’s a common form of breach – one that has had grave consequences in other cases, such as that of the 56 Dean Street Clinic, which revealed the personal details of patients using the clinic for HIV services. We are helping people claim for that breach.

“An email invite was sent to email addresses supplied by organisations applying for county council grants. As a result of a complaint, we have taken steps to recall the message. We apologise for any inconvenience this may have caused,” said one spokesperson for the council.

Unfortunately, the nature of a data breach means that any leaked information can’t be so easily ‘recalled’ and retracted.

A spokesman said that the incident was not a “serious data breach” and was not significant enough to be reported to data protection regulators. However, the incident is another example of what can happen when data protection training or protocols may be lacking. Many other organisations have made the same costly mistake!

The timing of the breach drew further criticism, as the email was sent only days after the BBC revealed the Information Commissioner’s Office’s (ICO) investigation into the West Sussex council for accidentally uploading confidential information about some 1,400 carers, foster carers and disabled people. The BBC report noted that the information was left online for seven years.

A spokesperson for the Council said, “as soon as the problem was reported to us, we removed the spreadsheet from the website in under 29 hours.” Councils, especially when working on cybersecurity campaigns, should not have to be told about data breaches; they should have working data protection protocols that prevent and detect breaches.

The Council tried to mitigate the impact of the damage by saying that only the payment amounts and the recipients of the benefits were exposed in the spreadsheet. They noted that names were the only personally identifiable information compromised, but this is already significant, as anyone who had access to the spreadsheet in those seven years could recognise friends, family or acquaintances listed.

A spokesperson for the council admitted that people with malicious intent could use the information for personal gain:

“… we accept that persons seeking to identify individuals could do so in some cases by making additional checks through other data sources.”

All organisations, private businesses and county councils need to give data protection the respect it deserves and prioritise keeping people’s information safe. It’s only months before the EU General Data Protection Regulation kicks in and ups the maximum fine to 20 million Euros or 4% of the offending organisation’s annual global revenue, whichever is higher.

West Sussex County Council may need to overhaul its data protection security and protocols if it wants to be compliant by the time the GDPR rolls in.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.

www.dataleaklawyers.co.uk is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'