Unauthorised disclosure of personal data.
On the first occasion personal data of relatively low sensitivity held in local development plan consultation comment forms was disclosed. On the second occasion planning application documents were published on a website, containing personal data.
Undertaking issued to ensure that adequate security measures are put in place to prevent unauthorised access to personal data from the data controller’s website.
Reason for action
It was felt that insufficient care was taken to prevent the disclosure of personal details such as telephone numbers and email addresses.
18 Apr 2012