St Albans council escapes punishment for sending taxpayers’ bank details to wrong people

St Albans council offices.

St Albans council offices. - Credit: Archant

The Information Commissioner has decided not to punish St Albans district council after it sent taxpayers’ bank details to the wrong people.

On Thursday, October 5, SADC sent out several council tax demands, liability order notifications, and direct debit confirmation letters.

Some of the letters were enveloped incorrectly, meaning residents received both their own letter, and another person’s.

The council’s deputy chief executive Colm O’Callaghan said: “We have apologised to the individuals concerned for this regrettable data breach.

“We notified the Information Commissioner’s Office which carried out an investigation and decided no action needed to be taken against us.

“The Commissioner made three recommendations about future working practices and we have already implemented two of those. We will soon take on board the third.

“The council holds a considerable amount of personal data and the security of that data is a major priority.

Most Read

“Fortunately, this breach is an isolated incident and no harm appears to have resulted from it.”

The council knows of 11 people who were affected by this breach, and four of the letters included bank details

Everyone who could have been affected has been written to, and it is not known if anyone has become a victim of fraud because of the error.

The council sasy a failure to follow procedure and a machine fault were behind the breach.

They became aware of the breach on Friday, October 6 and discovered the number of people who had been affected on Tuesday, October 10.

The breach was reported to the Information Commissioner’s Office on Thursday, October 12.

The Commissioner previously found St Albans council had breached the Data Protection Act in 2010 after a laptop containing the postal vote records of 14,500 people was stolen.

Although the data was password-protected, it was not encrypted, where data is converted from a readable format to a version that can only be opened with the decryption key.

Instant messaging apps such as WhatsApp use encryption to ensure messages can only be seen by the author and the intended recipient.