Stratford council data breach extended to email addresses of Warwick district residents

A database of Warwick district residents’ email addresses was included in a Stratford District Council data breach last year.

Investigations have now concluded following the data breach in November.

Initial investigations showed that the data breach was restricted to a database of email addresses which had been supplied to the District Council by residents, with no further personal data affected.

Further investigations found that the breach also extended to a database of email addresses of Warwick District Council residents held by the authority as part of the joint working between the two councils.

David Buckland, chief executive of Stratford District Council said: “On behalf of the Council I would like to apologise for this data breach.

"When the council was alerted to this, we immediately began a full investigation to understand how this happened.

"It is important to stress that this information only contained email addresses, it did not contain any bank details, or names and addresses. We have concluded through our investigations that this data breach was a deliberate act by an individual, and not a breakdown of the robust internal controls we have in place.”

The investigation has determined that around 79,000 email addresses from the garden waste collection database were affected. These email addresses were taken by a member of staff with the purpose of promoting a business not related to the council.

Due to the theft of personal information, the matter was also referred to Warwickshire Police who carried out their own investigation and have issued the individual concerned with a caution for: Cautioned for knowingly/recklessly obtain or disclose personal data without the consent of the controller (offence under Data Protection Act 2018).

The member of staff is no longer employed by the council and has sincerely apologised for their actions and assurances have been received from Warwickshire Police, that all the information that was taken has been deleted.

Chris Elliott, Chief Executive, Warwick District Council, said: “Despite the robust procedures in place to protect resident’s information, it has been very disappointing to find that an employee has acted independently for their own gain.

"I would like to reassure our residents that this was an isolated incident, and I am satisfied that the necessary steps have been taken and the data breach is now resolved.”

“The matter was reported by both councils to the Information Commissioner’s Office, and they have confirmed that under the circumstances they will not be taking any action against either authority.

David Buckland added: “I would like to reassure residents that this was an isolated incident.

"Stratford District Council takes the protection of people’s data seriously and the systems we have in place are safe.”