An Essex council has been fined £150,000 for publishing sensitive personal information in an online planning application document.
The Information Commissioner’s Office (ICO) has issued the fine to Basildon Borough Council for breaching the Data Protection Act.
The investigation came after a statement in support of a planning application was published on its planning portal containing personal information on a static traveller family who had been living on the site for many years. The information included the family’s mental health issues, the names and ages of all the family members and the location of their home.
The ICO said the council failed to follow data protection procedures and training.
‘This was a serious incident in which highly sensitive personal data, including medical information, was made publicly available,’ said ICO enforcement manager, Sally Anne Poole.
‘Planning applications in themselves can be controversial and emotive, so to include such sensitive information and leave it out there for all to see for several weeks is simply unacceptable.’
The council had argued it was not required under law to redact personal data from planning documents but this was rejected by the ICO.
Ms Poole added: ‘Data protection law is clear and planning regulations don’t remove an individual’s rights. Local authorities and, indeed, all organisations must be certain that their internal processes and procedures are robust and secure enough to ensure that people’s sensitive personal information is protected.’
A Basildon Council spokesman said: 'The council has been given 28 days in which to lodge an appeal against this decision. We are taking advice and considering our position.'
