Basildon Council was recently fined £150,000 for publishing sensitive personal information about a traveller family on its website, including details about disabilities and mental health issues.
The Information Commissioner’s Office (ICO) ruled the authority had breached the Data Protection Act when it failed to remove personal data contained in the details of a planning application, which was made publicly available online.
The council received a written statement in support of a planning application for proposed works on green belt land on July 16, 2015. The statement contained sensitive personal data relating to the traveller family who had lived on the site for several years.
The ICO said an inexperienced council officer did not notice the personal information, and there was no procedure in place for a second person to check it before it was published online. The information was only removed on September 4, 2015 when the concerns came to light.
ICO enforcement manager Sally Anne Poole said: “This was a serious incident in which highly sensitive personal data, including medical information, was made publicly available.” A spokesman for Basildon Council said the authority was considering appealing.