Bristol City Council has apologised after a data breach relating to Clean Air Zone applications. The incident - which saw around one hundred people's email addresses being disclosed in a mass send-out - has been referred to the Information Commissioner’s Office.
Phil, from Brislington, was one of those people who was copied into the email last week. The dad said he submitted his application for a grant ages ago in case he was able to get some support towards a new car.
The resident said that, in their response saying he was not eligible for the CAZ's financial assistance scheme, Bristol City Council CCed in 95 other people. Straight away people started responding in the email chain to say that was a data breach, he continued, and later on that day they received an apology from the council.
Read next: Social worker barred for dishonesty and misconduct
"I was just a bit annoyed by it," he continued. "They are giving out your personal email as well as an indication of what you earn which is quite personal information.
"I think it is carelessness - someone clearly just made a mistake. But you would think they would have policies and procedures in place to prevent this from happening.
"They are most likely to be handling personal data every day - this is bread and butter stuff. It is just frustrating."
The email chain, seen by BristolLive, shows the council apologising for the data breach on the afternoon of October 17. It says: "Apologies for sharing email addresses in this previous email. This was sent in error, and should have been sent as a blind copy.
"We have now attempted to recall this email, but please delete this and do not respond to all. This will be reported to our data controller as part of our data protection policy."
A spokesperson for Bristol City Council said: “We are aware that a breach of the General Data Protection Regulation (GDPR) has occurred and we have been in contact with those affected and have apologised. This case has been referred to the Information Commissioner’s Office (ICO) in line with the accepted process for reporting data breaches and we will comply fully with their protocol.”
Back in 2020, the names and email addresses of children who are disabled or have special educational needs were sent out in a mass email following a council blunder.
Read next:
- Cigarette-named road "morally unacceptable", anti-smoking campaigners say
- Fears Bristol Clean Air Zone will 'trap' disabled people at home
- Bristol City Council pays £3.8K compensation for leaving SEND girl without education for seven months
- Fight against HMOs in Bristol area is a 'losing battle' due to loophole
- Councillors reject Filton HMO despite warnings of costly appeal