South Scotland

Dumfries and Galloway Council data breach actions accepted

Council
Image caption A report to the council says no further action is needed over the data protection breach

The Information Commissioner's Office has said it is satisfied with Dumfries and Galloway Council's actions in the wake of a data protection breach.

It followed the inadvertent release of personal information which was later posted on the internet.

It is understood that the data included redundancy payments to named local authority staff.

The ICO said that in light of remedial measures taken by the council, no further action was necessary.

The details were released in November last year in response to a Freedom of Information request from the WhatDoTheyKnow website.

'Lack of distress'

The council was eventually alerted to the blunder in February and immediately took steps to have the material removed from the web.

The authority said it was a genuine case of human error and offered a public apology to those affected.

A three-point action plan was subsequently undertaken to enhance data handling and protection procedures and prevent a repeat of the incident.

The ICO has now reviewed the case and issued its determination - a summary of which is included in a report to the authority's audit and risk management committee.

It concluded that the lack of "substantial damage and distress" to those affected, along with the steps taken after the incident, meant no further action was required.

More on this story

Related Internet links

The BBC is not responsible for the content of external Internet sites