Showing posts with label Neasden Stations. Show all posts
Showing posts with label Neasden Stations. Show all posts

Tuesday, 22 June 2021

LATEST: Brent Council statement on Neasden Stations Consultation email data breach

A Brent Council spokesperson said: 

"As soon as we became aware of this mistake, it was immediately flagged with the council's Information Governance team who are working with the team concerned.

"We have already apologised to the recipients and made them aware it was not intentional and due to human error. We're also exploring ways of ensuring that this type of error cannot happen again in consultation exercises.

"We would encourage people to participate in the Neasden consultation and offer us their ideas on making the area around Neasden Station a nicer and better place for people in Brent. "

Brent Council apologises for Friday's email data breach - investigation underway

Alan Lunt, Brent Council's Strategic Director for Regeneration and Environment has written to the 970 recipients of Friday's email apologising for the data breach.

He said:

Please accept my apologies for the sending of an email on Friday regarding the consultation on the Neasden Stations Growth Area SPD, which showed email addresses when they should have been hidden. This was a human error. This security incident is being investigated by the data protection team.

We are reviewing our practice and process, in addition to exploring with IT ways of ensuring that this type of error cannot happen again.

The vast majority of emails recipients are for companies, stakeholders and staff and consequently we have assessed the risks to you in terms of any data mis-use as low.

Former Liberal Democrat councillor, Alison Hopkins, who was one of the recipients of Friday's email has replied to Mr Lunt:

I note that I have had no response to my formal complaint to Brent's DPO (Data Protection Officer)

I have spoken to the ICO (Information Commissioner's Office) this morning and consider your response to be wholly inadequate. They concur and I am raising a formal complaint with them.

Your statement that the risk to me is "low" is a dismissive brush off. It is presumably based on Brent's opinion, rather than any proven and sound foundation, and as such legally remains merely your opinion rather than any properly tested fact.

As someone with decades in IT and considerable experience of GDPR and safeguarding practice, the risk is considerably more than "low". Given the seriousness of the original "error", how am I to trust any assessment you have made, especially as you have given no detail of how this conclusion was reached?

I have no knowledge of the companies, stakeholders and staff you refer to, their credentials or probity. In any event, this statement is not acceptable under GDPR rules.