back to article UK council fined £150k for publishing traveller family's personal data

An Essex council has been fined £150,000 for publishing highly sensitive personal data, including medical information, of a traveller family via online planning documents. The Information Commissioner’s Office (ICO) slapped Basildon Borough Council for publishing the information in planning application documents, which it made …

  1. Anonymous Coward
    Anonymous Coward

    It gets worse...

    They've been properly doxed: http://pigeonsnest.co.uk/stuff/thieving-gypsy-bastards.html

    1. Anonymous Coward
      Anonymous Coward

      Re: It gets worse...

      Careful, the PC brigade will be after you for stereotyping the honest, hard-working travelling folk who are famed for their reasonably priced and high quality drive work.

      1. Hollerithevo

        Re: It gets worse...

        So, as long as you are considered unsavory, you can have your personal details treated like trash? Why is it PC to think that anyone, even a villain, gets to be treated to less than decent standards? If they're a fine upstanding citizen, how shocking, but if they're a dog, OK to kick them?

        1. Anonymous Coward
          Anonymous Coward

          Re: It gets worse...

          Were all dogs in the new world order.

  2. AMBxx Silver badge
    WTF?

    Static Traveller?

    Surely an oxymoron?

    1. Anonymous Coward
      Anonymous Coward

      Re: Static Traveller?

      Yes, that's like Windows security :)

      1. cbars Bronze badge

        Re: Static Traveller?

        Travelators?

        It's all relative. I'm spinning through space as we speak, weeeeeeeeee

        Or am I?

    2. John Brown (no body) Silver badge

      Re: Static Traveller?

      Yes, I did a double take on reading that too. Having said that, was that even relevant to the story? What if it was a "black" family? Or a Jewish family?

  3. earl grey
    Trollface

    i know how that rolls

    If her daddy's rich take her out for a meal

    If her daddy's poor just do what you feel

  4. Stu J

    Grrrr

    Once again, the taxpayer coughs up and the council cretins just waste more taxpayers' money.

    It's about time the legislation held individuals in public sector organisations personally accountable.

    If the drone responsible for the breach is paid £20k, their boss £40k, their boss £80k, and the CEO of the council £160k, then the fine should be levied vaguely proportionately on their take-home pay over the next year - the drone should pick up £0 (but may well be fired if it can be shown they've blatantly disregarded procedure), the boss £10k, the next boss £30k, the CEO £70k, and the council forced to invest the remaining £40k into systems and processes to stop it from happening again...

    1. Anonymous Coward
      Anonymous Coward

      Re: Grrrr

      I'd prefer that the paradigm of creating regulatory fines to pay for the upkeep of the regulatory apparatus be curtailed. Hitting lawbreakers in the wallet hurts, true, but so does jail. It might even been a stronger deterrent.

    2. Number6

      Re: Grrrr

      Taxpayers should be on the hook for government mistakes, they have the power to vote out those in charge and really ought to be more concerned about the quality of the candidates put forward for election. I have no objection to individuals being prosecuted for blatant negligence though, although there should be robust checks in place to make it hard for an individual to screw up.

      1. Oliver Mayes

        Re: Grrrr

        We don't vote for the minions in council offices across the country. Changing the colour of the tie at the top doesn't have any effect on these sorts of people.

        1. Halfmad

          Re: Grrrr

          NO but what those at the top can do is fire people for gross misconduct or have HR policies written to state that a breach will be handled as gross misconduct.

          It never is though.

          1. AMBxx Silver badge
            Joke

            You're missing the point

            Lessons have been learned!

      2. Anonymous Coward
        Anonymous Coward

        Re: Grrrr

        "Taxpayers should be on the hook for government mistakes, they have the power to vote out those in charge"

        Great idea! Now, could you just explain, how do I vote out Amber Rudd for the wholesale mistake that is her approach to data security and privacy? and next year, when there's no general election, how are they held to account - and immediately, not after waiting for a few years?

        1. werdsmith Silver badge

          Re: Grrrr

          Taxpayers should be on the hook for government mistakes, they have the power to vote out those in charge

          LOL

          Your faith in the democratic process is comical.

          1. allthecoolshortnamesweretaken

            Re: Grrrr

            "Your faith in the democratic process is comical."

            If you've got a viable alternative, let's hear it.

    3. Halfmad

      Re: Grrrr

      Your argument makes little sense, if you've ever been involved in a breach you'd know that it's typically down to one persons mistake initially then a series of mistakes over the course of the next few days as people try to cover it up. The "best" breaches are those where staff put their hands up so you can try to contain and get control back over that information (usually not possible, but sometimes it is), you can then notify the ICO and you can talk to those involved most importantly the data subjects who's information has been spewed.

      In terms of "taxpayer coughing up" the monetary penalty goes from the council to central government, it doesn't go to the ICO and then essentially through loans etc to councils will end up back there eventually.

      The public need to start understanding that public sector organisations, (especially the NHS - and I'm excluding GPs as those are PRIVATE contractors) are very good at self-reporting to the ICO. This is why the stats typically show that the public sector are AWFUL at handling information but in reality they are generally better than private firms, just that they are far happier to notify the ICO when something happens.

      Having worked in private and public sector over the past 25 years I can honestly say I've personally reported my organisations to the ICO half a dozen times, yet never had approval from private companies to do so - even when the incident was arguably far, far worse. It comes down to money and lack of "give a toss" about data subjects.

  5. Anonymous Coward
    Anonymous Coward

    I'm such a victim, m'lud.

    Round here, the 'family'; that applied to turn the field they had bought with 'agricultural permissions' only successfully were allowed to add hard standing and a toilet block 'because their daughter was 'disabled, and needed a peaceful quiet life' before they then rented spaces out to about 50 more caravans.

    1. Your alien overlord - fear me

      Re: I'm such a victim, m'lud.

      if it's the countryside, do it like bears do - in the woods. And no one disturbs bears in the woods do they?

    2. Version 1.0 Silver badge

      Re: I'm such a victim, m'lud.

      Farmers have been doing this for years but they all have "friends" on the council so it's never a "problem" in that anyone gets their feet held to the fire - unless planning permission gets withheld of course.

  6. Anonymous Coward
    Anonymous Coward

    So... most importantly did the victims get the money? Did the people that did the deed actually get punished? Somehow I doubt it...

  7. The Nazz

    Named council employees?

    In the numerous instances of this type where the council quite readily release private data, are there ever any instances where the names of those council employees responsible ( lowly office staff to the "Chief executives") are disclosed? I suspect not.

    Agreed, that it is long overdue that such people should face criminal charges themselves..

    1. Halfmad

      Re: Named council employees?

      As the guy who works in public sector at the moment and who reports my organisation to the ICO when there's a breach I'd love for staff to face disciplinary when it happens. I rarely see that though.

      Mistakes happen, genuine "shit I sent that to the wrong person" mistakes, should people lose their job over it? Well personally I think that should always be an option when they've caused actual harm by their actions. However I have yet to see it happen.

      Staff names are typically removed from reports the ICO get, I'd love them to demand those and public those involved. My name will be on the ICO multiple times - as the person reporting it and the contact for the organisation, but others should be up there for having been held responsible for the breach.

      This shouldn't just be the chief execs though, it has to include those who have direct line management responsibility if training was permitted to slip, if policies were not up to date and staff not aware of them etc. Putting a single name up won't be enough, it has to be the "chain of command" from top to bottom that could have prevented it.

      There are also typically prosecutions that could be brought but again never are. Section 55 of the DPA is one such area but there are many others - we simply done' hold people accountable, but then again we don't for virus infections either even when it's personal USB sticks brought in from home - because the organisation should simply have tools to block those working right?

      But surely if that sort of thing isn't permitted by policy (rules of your employment essentially) then you should be sacked for doing it?

      IT breaches in general are seen as trivial when it comes to disciplinary action, I've seen people hit far harder for mistakes on their time sheets or breaking a window by accident..

  8. JaitcH
    Unhappy

    It's always heartening when the superior level of government . . .

    slaps down those many arrogant bastards who inhabit our city halls.

    Whomever thought they were fit to handle any confidential data was less, far less, than smart.

    Local tin-hats should be made personally responsible for breaches of law instead of sticking the costs on local council bills.

  9. dieseltaylor

    The size of the fine is interesting as it is more than pharmacy2u got fined for deliberately selling lists of clients names and diseases and addresses. A very specific list was sold to an Australian "lottery" company.

    ICO fined them £130,000 which actually means £117,000. They have not been struck off the NHS recommended list and it has badly upset the pharmicistb and doctors bodies. Curiously they hold the belief that this information is private and pharmacies should know that.

    I think the Basildon fine is in the right ball-park but agree that the fine should not be for rate-payers and also those in charge of the sytems /training etc need publicity etc. The fine by ICO for pharmacy2U was totally inadequate, as is the NHS response [zero].

  10. John Smith 19 Gold badge
    Unhappy

    Won't change a thing...

    Till someone senior does go to jail.

    The PHB class is always sooo much more sensitive about any curtailment of being able to do WTF they want WTF they want to do it.

  11. nigglec
    Facepalm

    Shades of grey?

    Obviously the council should not be publishing personal details but if those personal details were included in the planning permission as justification for the proposed building etc. I can see how they would slip through the gaps. Planning permissions are meant to be public record (with good reason!) but if someone states that they need X,Y,Z built and it wouldn’t be authorised if there were no medical/disability component then the medical/disability reason has to be a matter of public record. However, I’m not saying for one moment that the level of detail that seems to have been published in this case is justified.

    As to the scale of the fine: no problem with the actual amount per se but I don’t know if I would be happy with it all going to the family concerned. I think you would have to make a very, very good case to justify personal damage/stress etc. for that amount.

  12. Dieter Haussmann

    So if you want to build a house in a restricted zone such as on arable land, put a static on it and play the disabled and mental gypsies seeking reasonable adaptations card. Simples.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like