LewishamNews

Lewisham admits data breach – but downplays impact of exposing contact details of residents

Yann Tear

By Robert Firth, Local Democracy Reporter

Personal details of residents who commented on a planning application were published on Lewisham council’s website for almost a year.

The names, addresses and contact details of 156 individuals were uploaded to the local authority’s website for 11 months.

Information about the data breach was disclosed in documents published ahead of a council meeting last Wednesday.

A file containing personal details of residents who had commented on the planning application was uploaded to Lewisham’s website in March 2023, according to a public question about the incident submitted by an individual called Joanne King.

Officials only became aware of the data breach after a member of the public notified the council about it in February this year, according to an answer provided by Councillor Amanda De Ryk, cabinet member for finance.

The council subsequently removed the document containing the residents’ personal details from the website and wrote to those whose details were published.

But Lewisham didn’t inform the Information Commissioner’s Office (ICO), the public body responsible for data privacy, about the incident.

According to Cllr De Ryk’s response, ICO guidance states that the body should only be told about a data breach if it is likely to result in a threat to individuals’ rights and freedoms.

She said that the council had concluded the data published didn’t include ‘special category data’, e.g. details relating to a person’s race, religion, belief, sexual orientation or health.

Cllr De Ryk’s response continued: “In many cases the data breached is already in the public domain (e.g. published on the electoral roll). The data was in the public domain for 11 months without any of the public contacting the council to make us aware of any adverse impact caused by the data breach.

“The council’s data protection officer applied these factors to its breach risk matrix to determine if the breach reached the threshold for notifying the ICO and concluded that it had not.”

The residents whose personal details were published on the council’s website had commented on a planning application relating to Hither Green railway station.

Pictured top: Lewisham council’s headquarters in Catford (Picture: Google Street View)

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Everyone at the South London Press thanks you for your continued support.

Former Housing Secretary Robert Jenrick has encouraged everyone in the country who can afford to do so to buy a newspaper, and told the Downing Street press briefing:

“A FREE COUNTRY NEEDS A FREE PRESS, AND THE NEWSPAPERS OF OUR COUNTRY ARE UNDER SIGNIFICANT FINANCIAL PRESSURE”

If you can afford to do so, we would be so grateful if you can make a donation which will allow us to continue to bring stories to you, both in print and online. Or please make cheques payable to “MSI Media Limited” and send by post to South London Press, Unit 112, 160 Bromley Road, Catford, London SE6 2NZ

Leave a Reply

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.