Southend-on-Sea City Council has referred itself to the Information Commissioner’s Office (ICO) following a data breach.
The Council has also notified employees and is in the process of contacting a limited number of other individuals following the incident, which involved the inadvertent disclosure of some personal data in a Freedom of Information (FOI) request.
A spreadsheet containing anonymised job role and structure data for one department was uploaded to an FOI website in response to a freedom of information request on 17 May 2023. Whilst the document was locked, read only and at first look contained only the anonymised information requested, the council became aware on Friday 27 October that further personal and special category data of all council staff and leavers as of 31 March 2023 could be opened by interrogating the spreadsheet.
Cllr Tony Cox, leader of the council said: “We have immediately begun an investigation to understand how this happened and I sincerely apologise to those affected on behalf of the organisation.
“It is important to stress that this information did not contain bank details and was not obvious or visible without interrogation of the spreadsheet.
“However, this information included details such as national insurance numbers, pension scheme details, salary, names and addresses and equal opportunities data where provided.
“This breach also includes a less extensive list relating to elected councillors as of 31 March 2023.
“The spreadsheet has been removed from the website, we have self-reported this as a data breach to the Information Commissioner's Office, and councillors, staff and former staff affected are being informed, along with providing advice and support to them.
“We have also taken immediate actions, including starting to investigate how this happened, undertaking an initial assessment to understand the potential risk to staff and whether the data could be used in a harmful way, providing advice and support to all staff affected, and stopping the use of Excel spreadsheets in our FOI responses. We are also reviewing our FOI protocols to ensure this cannot happen again.”