Published: 27 July, 2012
by ANDREW JOHNSON

BUNGLING council officials are scrambling to contain another massive data leak after it emerged that the names and addresses of 2,400 tenants had been posted on a website.

The cock-up follows a highly damaging leak in April when details of residents who complained about anti-social behaviour on the Andover estate in Holloway were handed over to the culprits.

Last Thursday, Labour crime chief Councillor Paul Convery assured a Town Hall watchdog committee looking into April’s leak that new tightened-up procedures had been put in place to prevent repeats of such blunders – even though one had already happened.

Lib Dem group leader Councillor Terry Stacy yesterday (Thursday) lambasted the council as “incompetent” and described the new leak as a “disaster”. “This comes less than a week after we were reassured by the Labour leadership, after supposedly thorough audits of data protection, that this couldn’t happen again,” he said.

The latest leak happened on June 26 when the housing department resp­onded to a Freedom of Information request into the ethnicity and gender of people it had rehoused. It handed over a spreadsheet containing the information to website Whatdotheyknow? which published it online. The spreadsheet had the names, marital status and add­resses of 2,400 residents.

The mistake happened because the sensitive information was not immediately visible, but could be accessed from the website by anyone familiar with the spreadsheet software.

The data was online for two weeks before the Town Hall was notified of the error on July 16, resulting in fears that the information could have fallen into the hands of identity thieves.

However, last Thursday Cllr Convery went before the council’s scrutiny committee to present a previously unpublished report into how the first leak had happened and gave assurances that new procedures were in place.

The report said that, while putting together 13 injunctions on 14 youths who were drug dealing and fighting on the Andover estate, personal details of residents who had complained – on a spreadsheet – had been handed to the youths with their injunctions.

While most of the spreadsheets have since been recovered, two are still potentially in the hands of troublemakers.

“This was a catastrophic mistake,” Cllr Convery told the watchdog committee. “Details were put in a spreadsheet, that spreadsheet was emailed to the legal department (which was preparing the injunctions).

“We had a very weak system with huge potential for error. This is one of the worst data loss events in my experience. I’ve never known anything like it.”

Earlier Labour deputy council leader Councillor Richard Greening had said: “We are confident that the culture is good and there is good awareness of data protection, which will stop this happening again.”

Cllr Convery added: “There are now systems in place to make sure a repeat of this kind of mistake is not likely.”

Yesterday, Cllr Convery told the Tribune he had not been informed of the second leak when he made these comments.

“I am slightly bothered,” he said. “I first heard about this on Monday this week. There are slight similarities between the two leaks – in the use of a spreadsheet and the housing department.

“What we’ve said in relation to the Andover breach is that all data should be recorded on a database rather than a spreadsheet as these are harder to extract information from. Spreadsheets are a loose form of data holding.” 

Labour housing chief Councillor James Murray said he was “angry and disappointed” at the new leak. “This should never have happened,” he added. “An investigation is under way and I have made it clear that I want every lesson to be learned.” The Town Hall has apologised to all the affected residents and offered advice on identity theft. It has notified the Information Commissioner of the blunder.