Walsall Council has been slammed by the data watchdog after the personal details of hundreds of its residents – including names, addresses and signatures – ended up in a skip.
The cock-up was sparked when the council hired a contractor to clear out some of its offices, and, in doing so, dispose of residents’ postal vote statements.
An Information Commissioner’s Office investigation found that the council did not have a contract in place with the organisation processing this personal information. The council also failed to provide its contractor with instructions on how the information should be kept secure, as required under the Data Protection Act.
The statements – which were disposed of in March 2011 by the external contractor on the council’s behalf – included people’s names, addresses, dates of birth and signatures. In fact, all the information needed for a classic identity theft operation.
But despite the council’s best efforts, 951 statements have not been recovered and are believed to have ended up in landfill or been destroyed.
ICO director of operations Simon Entwisle said: “While councils can hire contractors to process personal information on their behalf, they must remember that they are still ultimately responsible for ensuring people’s information is kept secure. Obviously little thought was given to this when the statements were disposed of in the skip.”
