Probe launched as confidential files appear on Camden Council’s website

Thursday, 8th December 2011


Published: December 8th, 2011
Special investigation by TOM FOOT

THE Town Hall is facing a probe by the country’s data protection watchdog after a New Journal investigation found files containing strictly confidential personal information were freely accessible on Camden Council’s website.

We alerted the Town Hall to the dangers of publishing uncensored licensing applications on Monday after opening and downloading dozens of the forms.

The applications contained names, home addresses, dates and places of birth, emails, telephone and National Insurance numbers – a goldmine of information for potential fraudsters.

Last night, the council issued an “unreserved” apology and said it was “extremely sorry” for what it described as an “unfortunate administrative error”.

Officials removed sections of the website containing thousands of documents with sensitive information.

Experts said the details in the applications were more than enough to open bank accounts, to apply for credit cards, loans and passports, and – a particular bugbear of the Town Hall – to commit benefit fraud.

The potential victims would have been anybody who has recently applied for a licence.

A Town Hall spokeswoman confirmed a recovery process was under way with thousands of “temporary event notice” licensing applications under review.

She added that it was believed a “very small number” of people had been affected.

But the New Journal downloaded dozens of unredacted forms in just a few days’ research. A snapshot of the people affected include the chief operating manager of the Roundhouse, owners of restaurants in Belsize Park and Hampstead, Camden Town café owners and directors of community groups such as the Queen’s Crescent Community Association.

Entrepreneur Alex Proud, boss of Proud Galleries, whose personal information could have been downloaded by anyone before we raised the alarm, said: “It’s not very cool. This is the problem with having everything on the web. We want accountable councils and, to be fair, they are trying. But the downside is this sort of slip up.”

Tony Neate, managing director of government-funded Get Safe Online identity fraud advice service, said: “We are careful ourselves about this sort of thing and you would expect people in authority to treat our details in the same way we treat them.”

A spokeswoman for the Information Commissioner’s Office (ICO) said: “We will be making inquiries into the circumstances of this alleged breach of the Data Protection Act before deciding what action, if any, needs to be taken.”

The 1998 Act includes eight common-sense rules, known as the “data protection principles”, which require governmental bodies collecting personal information to handle it safely and “keep the information secure”.

A council spokeswoman added: “After this issue was brought to our attention we took steps to resolve the error, and have removed all temporary event notice applications from our website while we investigate this further.

“We apologise unreservedly to the small number of people affected by this and will be contacting them directly. We will take immediate and further steps to ensure this does not happen again.”

Related Articles