The ICO has published an article and associated guidance to help businesses disclose information safely.
The guidance comes in response to an incident at Islington Council, where the Council responded to a freedom of information request with spreadsheets that it did not realise included sensitive personal data. This resulted in the details of over 2000 residents being published online, and the Council received a £70,000 penalty.
There are many ways in which personal data can be inadvertently disclosed. This could be in response to a freedom of information request, in a subject access request from an employee, or even in data in marketing materials.
The ICO recognises that these incidents are occurring with alarming frequency. Its guidance aims to give businesses the tools they need to disclose information safely. The guidance provides a useful checklist of considerations to take into account when using datasets and disclosing information in different formats.
When disclosing data, businesses need to be wary and ensure that information is being safely redacted with no more data disclosed than absolutely necessary. Businesses need to be aware that the ICO is taking inadvertent disclosures of personal data very seriously. Businesses run the risk of incurring financial penalties by the ICO, and may also suffer reputational damage and associated adverse publicity.
Contributor: Grace Roddie
This publication is intended for general guidance and represents our understanding of the relevant law and practice as at January 2016. Specific advice should be sought for specific cases. For more information see our terms & conditions on www.TLTsolicitors.com