London’s Royal Borough of Kensington & Chelsea has been fined £120,000 (approximately US $170,000) by the Information Commissioner’s Office (ICO) after it unlawfully identified 943 people who owned vacant properties in the borough.

How did the sensitive data leak out? Because of a sloppy understanding of how to wipe information properly out of Excel spreadsheets.

In June 2017, a horrific fire set a 24-storey tower block ablaze in the Royal Borough of Kensington & Chelsea, West London, destroying 151 homes. Despite the best efforts of the emergency services, over 70 people died in the blaze at Grenfell Tower, and hundreds of survivors found themselves with nowhere to live.

Kensington & Chelsea council found itself under intense pressure from the media, with accusations that it had failed to properly respond to safety warnings about the tower block and that its care for surviving residents had fallen short.

It’s in that climate that the council received three Freedom of Information (FOI) requests for statistics on how many empty properties were in the borough.

Responding to the FOI requests, a member of the council produced a pivot table containing a list of named owners against the addresses of empty properties in the borough. Clearly, it would not have been a good idea to disclose that information because of the risk of the information being exploited by criminals.

So, a list was complied of the number of empty properties with the intention that it would be disclosed to those who made the FOI applications. It was then pasted into a new spreadsheet.

When a member of the borough’s FOI team checked that no data had been included in the new spreadsheet, they scrolled through the cells, clicking once to check for hidden data.

Was that a good enough test?

Sadly not. Because the journalists (Read more...)