THE Information Commissioner’s Office (ICO) is to take ‘no further action’ following a data breach at Ceredigion Council.
In a case dating back to 2018 members of the council’s audit committee will receive a report on the ICO case along with a letter outlining that “no further action by the ICO is necessary on this occasion.”
In August 2018 it was reported to the ICO that council agendas dating back to 2004 included 98 exempt documents, some of which included health and personal details of eight people, as well as names and addresses, company names, and transactions for the sale of land.
The committee discussed the matter in early 2019 and heard that the documents had been mistakenly published in 2013 when the council’s website was redesigned.
Four apologies were made and processes changed to reduce the risk of further breaches.
The report to the audit committee on Wednesday, July 29 states that the ICO’s reply, dated May 2019, had been sent to a member of staff who had left the authority and all correspondence was not sent via the Corporate Data Protection Team.
The team has now closed the matter, adds the report, which had been due for discussion in March.