recent work

Council not fined after data breach confirmed

The Information Commissioner’s Office (ICO) concluded an investigation into complaints made about Kingston Council by confirming that they would not be fining them, even though it was confirmed that they had breached data protection laws – and could have faced a fine of up to £500,000.

An investigation by the information commissioner’s office (ICO) began in May after more than 100 rent statements were posted to the wrong addresses in Chessington. Residents in Charles Lesser House, Hereford Way, were shocked to find their two-page rent statements contained one sheet of their own information and a second page with somebody else’s personal data – including benefit entitlements, bank details and rent account numbers.

A spokesman from the information commissioner said: “After making inquiries into the incident the ICO has ruled the council did breach the data protection act by failing to keep the information secure.

“Following our inquiries and in line with our data protection regulatory action policy we concluded that, on this occasion, no further action was required.”

The head of Charles Lesser House Residents’ Association, Keith Dickinson, 62, said: “It caused a lot of embarrassment for a lot of people, but all that gets swept under the carpet.

“I think it is disappointing if they have been proven to be breaching data laws and do not get some punishment for it.

“If I did something like drive fast on a 20mph road I would get punished.

“It does not surprise me that they got away with it.”

Since April 2007 the information commissioner’s office has received eight complaints against Kingston Council, but only one was upheld with remedial action.

Surrey County Council was fined £120,000 last year after a series of blunders in which it emailed sensitive, personal information about hundreds of vulnerable individuals to the wrong people.