New Forest District Council has escaped serious punishment from the Information Commissioner’s Office after it repeatedly posted the personal data of citizens applying for planning permission on its website.
A local resident raised a complaint with the Hampshire authority in 2008 after their planning permission application, which appeared on the council’s website, did not have all of the personally identifiable data edited out. New Forest subsequently corrected the oversight, but continued making similar errors with other applications until as recently as July 2010. The problems were then brought to the attention of data watchdog the ICO.
Speaking at an information security conference earlier this month, the Information commissioner Christopher Graham said he would would be exerting his power to fine organisations "soon". The maximum penalty it can apply is £500,000.
However, the ICO says it is satisfied that New Forest District Council has taken all necessary steps to prevent similar incidents in future.
"While we appreciate it is difficult for any organisation to give a 100% guarantee that they will comply with the act, we expect authorities to put the most effective data protection measures in place and to ensure they are upheld," said Sally-Anne Poole, the ICO’s enforcement group manager, in a statement. "We will be monitoring other local authorities to scope compliance in this area on a national level. Any council found to have an unacceptable error rate may be subject to regulatory action."
Also this month, the ICO demurred to fine Google for collecting UK citizen’s private data while taking photographs for its StreetView mapping service, despite describing the episode as "a significant breach of the first principle of the Data Protection Act".