Serious Data Breach of Personal Information By Shepway District Council.
Shepway District Council have released the names of 82 individuals in their Excel Payments to Suppliers data, July 2017. The names, addresses and pay data belonging to the dead, disabled persons and temporary staff employed by SDC and others has been released in contravention of the Data Protection Act 1998.
All these individuals names, addresses and pay data should not have appeared in the data, but unfortunately SDC’s lack of sanity checking has revealed them. The revelation of this data has serious consequences for SDC with regards to the Data Protection Act 1998 and the EU Data Protection Directive. It also means that SDC MUST report themselves to the Information Commissioner’s Office (ICO) the body responsible for Data Protection. If perchance SDC do not, there is no need to worry, for we the Shepwayvox Team, as responsible citizens have reported it to the ICO.
55 of the 82 names relate to temporary staff, who were supplied by eight agencies. They have had their names and hourly or day rates revealed unnecessarily.
These are the agencies and the Departments where the temporary staff were assigned to:
Recruitment Solutions (Folkestone) Ltd – Grounds Maintenance, Royal Miltary Canal, Housing Options, Procurement, Legal Services, Business Support, Customer Services and Leadership & PA Support
HR Go Kent Ltd – Grounds Maintenance, Charity Areas, Royal Miltary Canal and Toilet Cleaners
Office Angels – Corporate Debt
Venn Group – Legal Services, Benefits & Pump Maintenance
Farrar Planning Ltd – Planning Control
Randstad CPE Ltd – Environmental Protection
Barry Cornelius – Accountancy, Interim Management Services
Anthony Swaine Architecture Ltd – Planning Control
and one self employed person.
The total costs for all these 55 temporary staff for July 2017, was £71,889. And yes we can see how much each of these individuals were paid, including their hourly rate and/or their daily rate of pay. The Local Government Transparency Code 2015 states that persons on or above £50,000 should be revealed, not persons below this.
The biggest tradegy is that SDC have released the names, addresses and amounts that eight individuals have received from the Disabled Facilities Grants. The total amount SDC revealed was £27,581. This is despicable. This is a very clearly a violation and breach of the Data Protection Principles
SDC have revealed the name of the dead. Three persons received a public health funeral provided for by Chittendens at a total cost of £3,456.
The data also reveals an Early Retirement Contribution to a former SDC employee. They received £12,400 in July 2017.
SDC gained a “Warrant of Possession” against a named individual for Council Tax. To lose one’s home is bad enough, but then to have one’s named released in SDC’s data, adds insult to injury.
For obvious reasons we cannot and will not reveal these names and addresses or individual amounts of money received. However, we have informed SDC by email and by phone to pull the information from their website as soon as possible. We have also informed the ICO, as we said. We did contact the Out of Hours Team over the weekend, but got no reply.
Also the data reveals that SDC classed the eviction of travellers from a site as “Pollution Reduction” this cannot be politically correct terminology in the 21st Century. Yes the travellers needed to be moved on at a cost of £2,276, but to allocate it to “Pollution Reduction” shows SDC’s mindset and how they see/perceive travellers.
We ask the people of Shepway if they wouldn’t mind a little “Pollution Reduction” with regards to the Conservative led administration. The costs we believe, would be well worth it, don’t you think?
The persons ultimately responsible for serious data breach, is of course, the Chief Executive Alistair Stewart (pictured). Cllr David Drury Monk Leader of SDC (pictured). Cllr Malcolm Dearden, Cabinet Member of Finance (pictured). Cllr Rory Love, Cabinet Member for Customers and Digital Delivery(pictured).
Finally, this balls up by SDC could end up costing the Shepway ratepayer up to £500,000, the maximum the ICO can fine any corporate body. This means we will potentially pick up the tab for their cock up. It’s clear these people do not live in the real world, nor do they seem to care or check the data they publish.
The Shepwayvox Team.
SDC have now pulled the data from their website as is clear from this screen shot (below) at 11.11am Monday 14th August 2017. The information remained in the public domain for nearly 96 hours (4 days)
They are idiots with a capital “C”
I think we know what the “c” stands for in SDC now too.
Is no one in SDC’s senior management competent?
I bet that they blame a junior member of staff or temporary worker….
There is at least one other ongoing ICO investigation into the way Shepway elected officers conduct themselves with regards to personal privacy. Watch this space!!