A local authority accidentally disclosed the names of “hundreds” of children in care and vulnerable adults earlier this month.
An unnamed person at Leicester City Council accidentally included a “large spreadsheet” as an attachment in emails sent to 27 different taxi firms inviting tenders to transport children living in residential homes, as well as adults with disabilities.
Once the error was uncovered the following day, council officials quickly sent a recall notice. This email said the attachment had contained “passenger information”, the BBC reports.
“Please delete this email. Please then delete the email from your “Deleted items” folder. Please do not try to open or read it.”
It warned that disclosing any information found in the spreadsheet would be in breach of the Data Protection Act.
The Council said it had launched an investigation into the incident and insisted that it took data protection issues “very seriously”. It also promised to self-report the leak to the Information Commissioner.
But Councillor Ross Grant said the incident, which could involve the details of “hundreds, potentially thousands” of people, had made him feel “sick in my stomach”.
He explained:
“We are talking children the court has taken action to protect from someone who would put them at risk and the council is potentially the organisation leaking their address. There is no guarantee this has not been copied and spread, we cannot put the genie back in the bottle.”
The incident recalls one at Newcastle City Council in October. That also involved a spreadsheet containing a large quantity of sensitive personal information which had been wrongly attached to an email sent to outside organisations.
What bungling idiots. First thing ANYONE will do when told to double delete an email without opening it is… open it…
Yes, it’s like a sign saying WET PAINT – everyone will see whether it’s dry yet.
.
My office system has an Archive where deleted emails go – and neither the user not the IT Geek department can delete them for six years!
There exellant at beaching data, and failing to comply with safe guarding issues. It should be stamped on their CV, those who are registered that is.