Alan Lunt, Brent Council's Strategic Director for Regeneration and Environment has written to the 970 recipients of Friday's email apologising for the data breach.
He said:
Please accept my apologies for the sending of an email on Friday regarding the consultation on the Neasden Stations Growth Area SPD, which showed email addresses when they should have been hidden. This was a human error. This security incident is being investigated by the data protection team.
We are reviewing our practice and process, in addition to exploring with IT ways of ensuring that this type of error cannot happen again.
The vast majority of emails recipients are for companies, stakeholders and staff and consequently we have assessed the risks to you in terms of any data mis-use as low.
Former Liberal Democrat councillor, Alison Hopkins, who was one of the recipients of Friday's email has replied to Mr Lunt:
I note that I have had no response to my formal complaint to Brent's DPO (Data Protection Officer)
I have spoken to the ICO (Information Commissioner's Office) this morning and consider your response to be wholly inadequate. They concur and I am raising a formal complaint with them.
Your statement that the risk to me is "low" is a dismissive brush off. It is presumably based on Brent's opinion, rather than any proven and sound foundation, and as such legally remains merely your opinion rather than any properly tested fact.
As someone with decades in IT and considerable experience of GDPR and safeguarding practice, the risk is considerably more than "low". Given the seriousness of the original "error", how am I to trust any assessment you have made, especially as you have given no detail of how this conclusion was reached?
I have no knowledge of the companies, stakeholders and staff you refer to, their credentials or probity. In any event, this statement is not acceptable under GDPR rules.