Dumfries and Galloway Council has been caught out by the Information Commissioner's Office (ICO) after details of 900 people were accidentally placed online.
Names, salaries and dates of birth of nearly 900 current and former employees of the council were mistakenly placed on its website as part of a Freedom of Information request response.
The data was open to anyone who visited the site between 23 March and 1 June 2011.
Procedures clearly went wrong in this case...
The information was only removed after affected individuals and a trade union put in complaints.
"Being open about council pay is a fundamental way that citizens can hold local authorities to account, but that should never be at the expense of upholding individuals' privacy rights," said Ken Macdonald, assistant commissioner for Scotland at the ICO.
"Procedures clearly went wrong in this case and I'm pleased that the council is reviewing its practices in light of the lessons that have been learned."
No fine was handed out, but the council agreed to carry out an audit of its data protection practices and improve on them.
The ICO has steered clear of issuing any fines of late, even in light of a slew of serious data breaches.
Earlier this month, it emerged East Surrey Hospital lost medical data of 800 patients in late 2010, marking another low point in the life of NHS information security.
Later in October, two educational institutions were caught breaking the Data Protection Act after failing to protect laptops that were later stolen.
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Westcon-Comstor and Vectra AI launch brace of new channel initiativesNews Westcon-Comstor and Vectra AI have announced the launch of two new channel growth initiatives focused on the managed security service provider (MSSP) space and AWS Marketplace.
-
AI recruitment tools are still a privacy nightmare – here's how the ICO plans to crack down on misuseNews The ICO has issued guidance for recruiters and AI developers after finding that many are mishandling data
-
“You must do better”: Information Commissioner John Edwards calls on firms to beef up support for data breach victimsNews Companies need to treat victims with swift, practical action, according to the ICO
-
LinkedIn backtracks on AI training rules after user backlashNews UK-based LinkedIn users will now get the same protections as those elsewhere in Europe
-
UK's data protection watchdog deepens cooperation with National Crime AgencyNews The two bodies want to improve the support given to organizations experiencing cyber attacks and ransomware recovery
-
ICO slams Electoral Commission over security failuresNews The Electoral Commission has been reprimanded for poor security practices, including a failure to install security updates and weak password policies
-
Disgruntled ex-employees are using ‘weaponized’ data subject access requests to pester firmsNews Some disgruntled staff are using DSARs as a means to pressure former employers into a financial settlement
-
ICO reprimands Coventry school over repeated data protection failuresNews The ICO said the academy trust failed to follow previous guidance, which caused a serious data breach
-
ICO dishes out fine to HelloFresh for marketing spam campaignNews HelloFresh failed to offer proper opt-outs, the ICO said, and customers weren’t warned their data would be used for months after they cancelled
