ICO fires warning over data protection breaches on planning applications

The Information Commissioner’s Office is to monitor local authorities across the country for compliance after a district council published the personal data of planning applicants on its website.

The watchdog received a complaint from a resident in 2008 that New Forest District Council had failed to appropriately redact personal data from their planning application before it was published on the authority’s site.

New Forest then removed the relevant data. However, the complainant continued to monitor the website and found personal data relating to other residents.

According to the ICO, the council initially improved its internal redaction procedure and introduced a self monitoring process. However, in July 2010, the watchdog discovered that further personal data was being published on the council’s website.

The ICO then reviewed New Forest’s systems and interviewed the staff directly responsible for the redaction process.

The watchdog said it was satisfied the council was taking the necessary steps to lessen the risk of a repeat of the Data Protection Act breach. New Forest’s chief executive, David Yates, has given the ICO his personal commitment to continue to employ such measures to ensure maximum compliance.

Sally-Anne Poole, enforcement group manager at the ICO, said: “While we appreciate it is difficult for any organisation to give a 100% guarantee that they will comply with the Act, we expect authorities to put the most effective data protection measures in place and to ensure they are upheld.

“We will be monitoring other local authorities to scope compliance in this area on a national level. Any council found to have an unacceptable error rate may be subject to regulatory action.”