Royal Borough of Windsor & Maidenhead

Breach details

What: Personal data disclosed on the council’s intranet in error.
How much: 257 records.
When: January 2013.
Why: A spreadsheet containing details of individuals who had not signed a new employment contract was wrongly appended to a review document for general access on the intranet, rather than being added separately as a restricted item. The ICO investigation revealed that data protection and information security training for those with access to personal data had not been mandatory and that the policies on handling personal data were incomplete.

Regulatory action

Action: Undertaking to comply with the seventh data protection principle.

Regulator: ICO
When: 26 November 2013.
Details: The Council will review and revise its data protection policies and ensure existing staff have appropriate training by 31 December 2013. All new staff whose roles involve access to personal data will receive training as soon as they begin their employment at the Council. Compliance with these policies and the training will be regularly monitored and enforced.