15 Jan Council reported to Information Commissioner over data breach
A council has been reported to the Office of the Information Commissioner after they sent huge amounts of confidential data to several taxi firms.
Leicester City Council emailed “hundreds, potentially thousands” of vulnerable people’s personal information, including those of children.
The confidential information was sent on a spreadsheet to 27 different companies who are applying for the contract with Leicester City Council for the transportation of people in care or with special needs.
Statutory bodies often have one company they regularly use for arranging rides for staff or people under the care of the local authority to ensure safety and compliance with the law.
The authority said the data protection breach was being taken “very seriously’ and an investigation had been launched with Conservative Cllr Ross Grant, who sits on the overview select committee, saying the news made him feel “sick in my stomach”.
The original email was sent on Tuesday morning with a recall email not being sent until over 24 hours later.
The recall said: “[The original] email had a large file attached to it called ‘Taxi Tender Live v 3’ that contains passenger information and was sent in error to your company.
“Please delete this email. Please then delete the email from your “Deleted items” folder. Please do not try to open or read it.”
It then stated disclosing any information from the email was a breach of the Data Protection Act.
“We are talking children the court has taken action to protect from someone who would put them at risk and the council is potentially the organisation leaking their address,” added Cllr Grant.
“There is no guarantee this has not been copied and spread, we cannot put the genie back in the bottle.
“I am not happy at all, I have had no answers to my questions from the council and if I don’t get some I will be taking it to a higher level.”
A spokesperson for Labour-controlled Leicester City Council said: “Information would normally be shared with taxi companies on a much more limited basis.
“We take data protection and confidentiality very seriously and took immediate action, contacting all of the firms and asking them to delete the information.
“We are investigating and will report this incident to the Information Commissioner’s Office.”