St Albans council escapes punishment for sending taxpayers’ bank details to wrong people
- Credit: Archant
The Information Commissioner has decided not to punish St Albans district council after it sent taxpayers’ bank details to the wrong people.
On Thursday, October 5, SADC sent out several council tax demands, liability order notifications, and direct debit confirmation letters.
Some of the letters were enveloped incorrectly, meaning residents received both their own letter, and another person’s.
The council’s deputy chief executive Colm O’Callaghan said: “We have apologised to the individuals concerned for this regrettable data breach.
“We notified the Information Commissioner’s Office which carried out an investigation and decided no action needed to be taken against us.
“The Commissioner made three recommendations about future working practices and we have already implemented two of those. We will soon take on board the third.
“The council holds a considerable amount of personal data and the security of that data is a major priority.
- 1 Armed police seize machete from Sandpit Lane in St Albans
- 2 Rapist jailed for 15 years after kidnapping teen in Hemel Hempstead
- 3 Hertfordshire teen bullying victim given royal honour
- 4 Police probe into death of man in 20s at 'Kinky Towers' in Hertfordshire
- 5 Council confirms first monkeypox case in Hertfordshire
- 6 Peregrine falcon chick hatches at St Albans Cathedral in a city first
- 7 Every household in the UK to get £400 to help with rising energy bills
- 8 5 things you might not have known about Herts county council's new chairman
- 9 Clarence Park deckchairs banned following council concerns
- 10 Success for Harpenden actor after National Youth Theatre audition
“Fortunately, this breach is an isolated incident and no harm appears to have resulted from it.”
The council knows of 11 people who were affected by this breach, and four of the letters included bank details
Everyone who could have been affected has been written to, and it is not known if anyone has become a victim of fraud because of the error.
The council sasy a failure to follow procedure and a machine fault were behind the breach.
They became aware of the breach on Friday, October 6 and discovered the number of people who had been affected on Tuesday, October 10.
The breach was reported to the Information Commissioner’s Office on Thursday, October 12.
The Commissioner previously found St Albans council had breached the Data Protection Act in 2010 after a laptop containing the postal vote records of 14,500 people was stolen.
Although the data was password-protected, it was not encrypted, where data is converted from a readable format to a version that can only be opened with the decryption key.
Instant messaging apps such as WhatsApp use encryption to ensure messages can only be seen by the author and the intended recipient.