A SCOTTISH council is being probed by the UK’s data protection watchdog after personal details of objectors to a flood prevention scheme were published online.
The details were first published in October by East Lothian Council (ELC) but, despite apologising to furious residents, it failed to fix the issue properly.
The council also told the Information Commissioner’s Office (ICO) for Scotland that the names had been taken down, even though some were still there until the Sunday National contacted officials on Thursday.
A spokesperson for the ICO has now confirmed the council is being investigated about the breach.
One of the protesters against the flood scheme proposed for Musselburgh, which has risen in cost from less than £10 million to nearly £100m, said he was “shocked” but not “surprised” the council had failed to tackle the data breach properly.
“It’s absolutely ridiculous that they didn’t check that they had actually fixed the data breach,” said Dr Jeffrey Wright.
“They’ve left all these folks’ personal data exposed on the web for anyone to find and at risk of data identity theft.
“So much for their ‘detailed investigation’ that they said they had carried out.”
He added: “This shows the same incompetence that East Lothian Council has demonstrated throughout the whole flood scheme process, and how little care and attention they and their highly paid consultants have shown towards the people of East Lothian.
“I hope the Information Commissioner will properly and independently investigate this data breach now and hold Labour-controlled East Lothian Council to account for why they told everyone it was fixed.”
One woman, who had previously been threatened in a Facebook post following her objection to the Musselburgh scheme, told the Sunday National she was “upset and angry” her contact details had been posted online by the council.
Campaigners are calling for a halt to the proposed scheme for high concrete walls along the River Esk and harbour seafront which they say will scar the town’s green spaces, damage the environment and involve the felling of mature trees along the riverside.
A total of 470 valid objections to the scheme have been lodged, including from Nature Scot and Historic Scotland.
Protesters claim the flooding risk has been overstated, nature-based solutions have not been properly considered and the scheme is not worth the financial cost which has rocketed from £8.9m in 2016 to £96m so far.
The objections were put up online on Friday, October 21, but the data breach was only discovered by one objector late the following Monday evening.
At that point, ELC stated that the Information Commissioner for Scotland had been informed of the breach and added that those dissatisfied with the council’s response had the right to complain to the commissioner.
However when another of the objectors tried to deliver a letter of complaint to the commissioner at the address given by the council, she found that it was a residential block of flats in Edinburgh instead of the correct address at Queen Elizabeth House.
On Friday, an ELC spokesperson said: “Action was previously taken to remove the documents from the website before re-publishing with redactions.
“Having further reviewed Appendix 11, an additional redaction has been applied and the document uploaded again.”
An ICO spokesperson said: “We are making further inquiries with the council.”
