Council Publishes 15,000 Staff Salary Details Online

A county council has admitted accidentally publishing the personal details of some 15,000 staff online.

South Lanarkshire Council said the breach had been reported to the Information Commissioner’s Office (ICO).

The breach came after the organisation responded to a Freedom of Information (FOI) request submitted through website WhatDoTheyKnow, asking for pay grades in use from 1996 to 2021.

The spreadsheet sent in response was supposed to include only anonymised data, but part of the document had not been anonymised.

Data leak

It contained staff salaries, national insurance numbers and job titles, the authority confirmed.

But the leaked spreadsheet did not include bank details, dates of birth or addresses.

The council discovered the error earlier this month after the spreadsheet had been available online for about a month, and arranged for it to be removed.

The council said the leak was the result of “human error”.

Human error

“A spreadsheet containing anonymised employee data was uploaded to a website in response to a freedom of information request,” said a spokesperson for the council.

“Unfortunately as a result of human error, the spreadsheet contained a second page of personal data that had not been anonymised. The error was noticed by the council and we arranged for that data to be removed.”

The council said it did not believe the information had been accessed, and that it believed the data could not be used in a way that would be harmful to those affected.

It added that those involved were being contacted.

‘Very concerning’

The GMB union said it would support members at the council taking legal action if they suffered a financial loss as a result of the breach.

“This is a very concerning incident and poses serious questions about the council’s data management processes,” said GMB organiser Ude Adigwe.

“Staff deserve more than a simple assurance from the council that policies and procedures have been tightened.

“They deserve an investigation, the fullest possible explanation of how this happened and to be told exactly what measures are being taken to stop it happening again.”