recent work

Portsmouth City Council signs formal undertaking following breach of Data Protection Act.

Portsmouth City Council has been found to have breached the Data Protection Act, after giving out personal details of an individual by mistake. The information in question related to the individual’s physical and mental health, and was mistakenly provided following a ‘subject access request’ – an individual’s request to see the information a council held about them.

It was discovered that supervision and training for handling such requests were inadequate. Mick Gorrill, Head of Enforcement at the ICO, said:

“This breach of the Data Protection Act was entirely avoidable, and would not have happened if the individuals dealing with the request had been given proper training and the necessary levels of support. The fact that the information released included sensitive information relating to an individual, who wasn’t directly involved in the original request, could have caused a great deal of embarrassment and distress.”

The Council has now signed a formal undertaking to ensure that all relevant staff are fully trained in how to handle subject access requests and that checks are put in place to ensure that third-party data is dealt with in accordance with the Act’s requirements.

To read the full undertaking, please go to http://www.ico.gov.uk/Home/what_we_cover/promoting_data_privacy/taking_action.aspx#portsmouth now.

Comment
Absolute Data works with many organisations to reduce or eliminate the risk to the personal information that they hold about individuals. The “softer side” of privacy risk management, such as staff training and having documented procedures, is often overlooked and under-funded in organisations, and is an area where we can have a big impact for a modest investment. For further information, please contact us now on info@absolute-data.co.uk.