The UK election watchdog has apologised after it inadvertently released the details of a pro-Union campaign group on its website.
The Electoral Commission failed to redact the details for 168 individuals who had donated to Scotland in Union, after a Freedom of Information request.
The full names of those who donated could be seen by simply cutting and pasting the spreadsheet after a technical issue enabled access to the personal information. The body now faces an investigation by the Information Commissioner's Office and potentially a large fine for breaching the Data Protection Act 1998.
The Scotland in Union was set up after the 2014 independence referendum and describes itself as a non-party organisation campaigning to promote Scotland in the UK.
The group's website promises to process its supporters data in compliance with the Data Protection Act 1998.
They responded to a request from the Electoral Commission to supply a list of donors who had pledged 500 or more.
The group said the information was encrypted, to protect its supporters right to privacy, but after the commission published the list on the website, it quickly became apparent that it had not been properly redacted.
The spreadsheet could be cut and pasted into another document where the names could all be seen by removing the blanked out details.
The commission is supposed to use data sanitising tools to remove data from documents, rather than just blank out the information, but due to a technical issue the information was discovered and circulated widely on social media.
Speaking to the BBC, the group claimed some of its supporters had already faced harassment as a result of the error.
"We have still to receive a full explanation from the Electoral Commission as to why they placed private information about our supporters in the public domain and we are consulting our legal team about next steps," said a spokesman.
"Unfortunately, we have already had instances of supporters being harassed as a result of the Electoral Commission's breach. This is completely unacceptable."
The release of such information may be in violation of the Data Protection Act 1998 and could result in criminal prosecution or a penalty of up to 500,000.
In a statement, the Electoral Commission said: "On 25 April the commission was notified of a technical issue with the application of redactions in a Freedom of Information response published on the commission's website.
"The redaction was ineffective and enabled access to personal information in relation to donations to Scotland in Union. The commission takes the management of data extremely seriously and regrets this issue.We are taking all reasonable action to minimise any harm caused and to rectify matters where we can."
The statement added: "We immediately removed the response from our website and are working with Scotland in Union to ensure that the individuals affected are notified.
"The Information Commissioner's Office has been formally notified of the breach. We are carrying out a full test of our redaction tool to understand how it occurred and will subsequently update internal procedures if required."
Image credit: Shutterstock
-
Cleo attack victim list grows as Hertz confirms customer data stolenNews Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
-
Lateral moves in tech: Why leaders should support employee mobilityIn-depth Encouraging staff to switch roles can have long-term benefits for skills in the tech sector
-
AI inferencing with AMD EPYC™ processorswhitepaper Providing an excellent platform for CPU-based AI inferencing
-
Green Quadrant: Enterprise carbon management software 2022Whitepaper Detailing the 15 most prominent carbon management software vendors to see if they fit your requirements
-
Robotic process automationWhitepaper A no-hype buyer's guide
-
The increasing need for environmental intelligence solutionsWhitepaper How sustainability has become a major business priority and is continuing to grow in importance
-
Why developers are turning to ultra-powerful workstations for more creative freedom at less costWhitepaper The market for AI applications is immense and their economic value even greater
-
2022 Magic Quadrant for data integration toolsWhitepaper Using research to evaluate suitable vendors for their existing and upcoming data integration use cases
-
Appian Europe: 'Our data fabric system offers features unavailable anywhere else'News The cloud firm says its updated system gives customers more control over their data than ever before, while retaining its low-code pedigree
-
The Total Economic Impact™ of IBM robotic process automationWhitepaper Cost savings and business benefits enabled by robotic process automation
