Council discloses information on staff and councillors in FOI data breach

November 3, 2023

Southend-on-Sea City Council has referred itself to the Information Commissioner’s Office (ICO) following a data breach involving information relating to staff and some elected councillors.

The council said it had notified employees and was “in the process of contacting a limited number of other individuals following the incident”.

This involved the inadvertent disclosure of some personal data in a Freedom of Information (FOI) request.

Southend said: “A spreadsheet containing anonymised job role and structure data for one department was uploaded to an FOI website in response to a freedom of information request on 17 May 2023.

“Whilst the document was locked, read only and at first look contained only the anonymised information requested, the council became aware on Friday 27 October that further personal and special category data of all council staff and leavers as of 31 March 2023 could be opened by interrogating the spreadsheet.”

Cllr Tony Cox, leader of Southend-on-Sea City Council, said: “We have immediately begun an investigation to understand how this happened and I sincerely apologise to those affected on behalf of the organisation.

“It is important to stress that this information did not contain bank details and was not obvious or visible without interrogation of the spreadsheet.

“However, this information included details such as national insurance numbers, pension scheme details, salary, names and addresses and equal opportunities data where provided.”

Cllr Cox said the breach also included a less extensive list relating to elected councillors as of 31 March 2023.

“The spreadsheet has been removed from the website, we have self-reported this as a data breach to the Information Commissioner's Office, and councillors, staff and former staff affected are being informed, along with providing advice and support to them,” he added.

“We have also taken immediate actions, including starting to investigate how this happened, undertaking an initial assessment to understand the potential risk to staff and whether the data could be used in a harmful way, providing advice and support to all staff affected, and stopping the use of Excel spreadsheets in our FOI responses. We are also reviewing our FOI protocols to ensure this cannot happen again.”

Council discloses information on staff and councillors in FOI data breach

Judge remits FOI case after finding First-Tier Tribunal was wrong to strike out proceedings, amid doubts over reliability of previous evidence from council

Information watchdog publishes guidance on transparency in health and social care

Council loses appeal over FOI request for names of those who submitted consultation responses as part of their public-facing roles

Information watchdog seeks views on accuracy of generative AI models in third call for evidence

Cornerstone on Social Housing Fraud

A guide to UK data protection law with relevant provisions of the Data Protection Act 2018

Cornerstone on Information Law

Making Decisions Judicially - A Guide for Decision-Makers

A Practical Guide to GDPR for Schools

Information Rights

Essential Law for Cemetery and Crematorium Managers

Director of Law and Governance