Southend Council refers itself to ICO after data breach

Details of almost 2,000 staff and councillors were made public in a shocking data breach that could see crippling fines for Southend City Council.

The council, which has a £14million deficit, could face a huge fine after referring itself to the Information Commissioner’s Office (ICO) following a data breach in May.

It follows a Met Police data scare in August that led to an IT company gaining access to names, ranks, photos, vetting levels and pay numbers for 47,000 officers

In Southend’s breach, a spreadsheet containing anonymised job role and structure data for one department was uploaded online in response to a freedom of information request on May 17.

Initially, the council believed the FOI only contained anonymised information for one department, but actually it contained “personal and special category” data of all council staff and leavers as of March 31.

While it would not be immediately obvious anyone with spreadsheet expertise could find the data.

The breach included names, addresses and national insurance numbers and involves data of 1,854 permanent, fixed term and casual staff and 276 former staff.

A total of 169 agency, office holders and canvassers, along with councillors and co-opted members elected as of March 31 were also involved.

Councillor Tony Cox, leader of the council said: “We have immediately begun an investigation to understand how this happened and I sincerely apologise to those affected on behalf of the organisation.

“It is important to stress that this information did not contain bank details and was not obvious or visible without interrogation of the spreadsheet.

“However, this information included details such as national insurance numbers, pension scheme details, salary, names and addresses and equal opportunities data where provided.”

Cllr Cox added: “This breach also includes a less extensive list relating to elected councillors as of March 31.

“The spreadsheet has been taken down from the website. W have self-reported this as a data breach to the Information Commissioner’s Office, and councillors, staff and former staff affected are being informed, along with providing advice and support to them.

“We have also taken immediate actions, including starting to investigate how this happened, undertaking an initial assessment to understand the potential risk to staff and whether the data could be used in a harmful way, providing advice and support to all staff affected, and stopping the use of Excel spreadsheets in our FOI responses.”


Christine Sexton

Local Democracy Reporter