Public Services > Local Government

Islington fined £70k after parking system flaw leaves personal data at risk

Published 17 August 2017

System's design faults put data of 89,000 people at risk of being accessed by external users

 

The London Borough of Islington has been fined  £70,000 by the Information Commissioner’s Office (ICO)after design faults in its TicketViewer system allowed unauthorised access sensitive personal information.

Islington Council’s Ticket Viewer system was set up by the council to enable users to see a CCTV image or video of their alleged parking offence. The system carried over 89,000 people’s information, including some sensitive personal information such as medical details relating to appeals.

The system flaw came to light in October 2015 when the council was informed by an end user that the system's folders containing personal data were accessible by manipulating the URL.

Following an Information Commissioner’s Office (ICO) investigation, it was found that the system's design faults posed the data of 89,000 people at risk of being accessed by external users.  It was discovered that there was unauthorised access to 119 documents on the system 235 times from 36 unique IP addresses, affecting 71 people.

The ICO found that the London borough had failed to take the appropriate technical measures to keep personal information secure and issued a £70,000 fine for breach of the Data Protection Act.

ICO said, "The council should have tested the system both prior to going live and regularly after that."

The EU's General Data Protection Regulation (GDPR) is a new law which will enter into force in the UK from May 2018.

GDPR requires organisations must carry out a privacy impact assessment in certain circumstances when using new technologies that may result in a higher risk in exposing users' sensitive data. The government has confirmed Brexit will not affect the commencement of the GDPR.








We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.