publicSIRO

Northumberland County Council has reported itself to the Information Commissioner’s Office after a data handling mishap left thousands of pensioners exposed to possible identity theft.

The incident involved an unfortunate series of events which began when the Council gave a mailing company an address file which accidentally contained the National Insurance details of 6,597 former employees, which it had forgotten to delete.  The mailing company then posted out a ‘pensions newsletter’ to the ex-employees, with each recipient’s National Insurance number put on show beside their name and address.

The ICO has apparently taken a dim view of the matter, with a local newspaper reporting:

“The Information Commissioner’s Office (ICO) last night said the combination of a person’s national insurance details, their name and address could, if they fell into the wrong hands, “help to build up a picture of someone’s life” and put them at risk of identity theft… The ICO said it takes any breach of the act very seriously and could make the council sign an undertaking to say it will not happen again.”

A spokesperson for Northumberland County Council described the incident as ‘a clear and very regrettable case of human error’.  Chris Heane, the Council’s information security officer, commented:

“An error has occurred where the addressee has had their national insurance number printed within the address box. This is a breach of the Data Protection Act which we sincerely apologise for and we are currently investigating the cause. We have reported this incident to the Information Commissioners Office and we will be writing to each individual concerned to explain how this has happened.”

Source: The Journal, 8 April 2010.