UK municipality council exposes employee data in Freedom of Information Act error

The Southend-on-Sea Municipality,  has become part of the list of public entities in the UK that have inadvertently disclosed confidential information. The council admitted to unintentionally making public the personal details of over 2,000 employees for a duration of five months.

This incident of data leakage is one of several that have plagued UK public sector bodies, involving the unintentional release of sensitive information. In this instance, the breach occurred due to an error in processing a request under the Freedom of Information Act 2000.

The council mistakenly uploaded a document intended to share anonymized organizational structure information, only to later realize that the file also contained private and sensitive personal data accessible upon further examination.

The file in question was uploaded on May 17 and was intended to be read-only. The oversight came to light on October 27, by which time the personal details of:

• 1,854 current employees,
• 276 former staff members,
• 169 office holders and canvassers,
• 55 councilors and co-opted committee members.

The compromised information included

• names,
• home addresses,
• national insurance numbers,
• details of pension schemes,
• salary figures,
• equal opportunity data.

The council has since reported itself to the Information Commissioner's Office (ICO). An ICO representative has issued a caution against the use of original source Excel files for public responses to FoI requests after a string of similar breaches involving accidental data inclusion in spreadsheets.