Cornwall Council has sent personal information about its staff, including salary details and redundancy packages, to the wrong individuals.
The whistleblower who reported the breach said that letters were sent to 300 staff, but despite admitting to the breach, the council has claimed that only 50 people were affected, blaming the breach on a “data transfer error”.
The council, which has about 6,000 staff, is in the middle of a restructuring programme as a result of budget cuts.
“Approximately 50 employees received letters concerning the proposed impact of the re-organisation, which contained inaccurate information,” a council spokesperson said.
They added that the affected employees were contacted as soon as the error emerged.
“The inaccurate letters have been recalled and accurate letters provided,” they said.
The council explained that it had apologised to the employees concerned for its error and has kept the trade unions informed of the issue and the action taken to address it as part of an ongoing consultation process.
However, when Computing asked the council if the Information Commissioner’s Office (ICO) had been in touch with regards to the data breach, the council suggested that it had not.
Computing contacted the ICO to find out if there will be an investigation into the data breach and whether any action will be taken against the council. The ICO said it would look into the matter.
In the meantime, the council said it was “implementing the relevant internal data protection procedures which will include a formal investigation into the circumstances of this data protection breach”.
The council is the latest in a long line of public and private sector organisations that have failed to protect their data. Within the past year, the likes of Target, JP Morgan, and most recently, Sony Pictures, have all suffered data breaches that have had a huge impact on their businesses.