Supposedly private electoral roll information is suspected to have been sold to junk mail companies in a series of leaks from local authorities.
The security lapses are thought to be so widespread that as many as one-in-four local authorities may have been involved. The Information Commissioner’s Office (ICO) says that a “software error” is reportedly to blame, while the Daily Mail newspaper has named Reading-based software company Idox for the mistake.
The data leak is believed to have affected only people who requested that their personal data not to be sold to third-party organisations when signing their annual electoral roll return.
Electoral rolls are typically passed on to credit reference agencies, who then sell the data to direct marketing companies. Electoral rolls in as many as 90 local authorities are thought to have been affected.
The ICO is now investigating and, bizarrely, has asked councils that may have been affected by the security lapse to come forward – rather than investigating them itself. Three councils in Wales – Rhondda Cynon Taf, Torfaen and Caerphilly – and Wokingham council in Berkshire are the only ones that have so far come forward.
Local authorities make hundreds of thousands of pounds from the sale of electoral roll – each record is worth about £5.
Wokingham council blamed the software it uses to manage its electoral roll data for the problem.
Andrew Moulton, Wokingham council’s head of governance and improvement services, told the Daily Mail: “As soon as we were made aware of the matter we took swift action to remove names and addresses from the public domain.”
He continued: “For a short time their names and addresses were incorrectly included on the edited register, which means they may have received material from direct marketing companies during this time. We have since provided the correct information to the various agencies that sell on this type of information and we believe personal details have now been removed.”
A spokesman for the ICO told the Daily Mail: “The full version of the electoral register should only be used for elections, preventing and detecting crime and checking applications for credit. Any suggestion that it has been made available for other purposes raises clear data protection concerns.”
It continued: “We are aware that a number of councils have reported that a software error has resulted in the full electoral register being made available more widely than it should have been. We are currently making enquiries into these potential data breaches.”