THE personal details of around 15,000 council employees were published in a data breach at a Scottish council, it has been revealed.
We exclusively told earlier this week how the Labour minority administration in South Lanarkshire, propped up by the Tories and LibDems, scrambled to cover its tracks after the gaffe and reported the incident to the Information Commissioner.
The data breach came after the council responded to a Freedom of Information (FOI) request, put in through the website whatdotheyknow.com, asking to learn details “of all pay scales including scale points, grades, and values in use for each year for 1996 – 2021”.
The GMB union said it will back any members at South Lanarkshire Council taking action if they suffered any financial loss as a result of the breach.
The council has confirmed a spreadsheet containing information about job titles, salaries and national insurance numbers was included in a freedom of information request about staff pay grades.
The local authority said it was a “human error” that the spreadsheet contained data that had not been anonymised.
This was spotted by the council, which said it arranged for the data to be removed.
However, the data was available on the popular freedom of information website What Do They Know for around a month.
The breach also affects ex-employees as it included the data of those who worked for the local authority prior to 2021.
One ex-employee of the council said they thought the local authority was trying to sweep the breach under the carpet.
She said: “A lot of people aren’t happy about it.
“They said they have asked the person to wipe it, but it’s five or six weeks too late.
“The council is trying to brush it under the carpet.
“There are a lot of people going to take legal advice and I’m one of them.
“The information is enough for any fraudster to use anything. Once they have your national insurance number, that’s all they need.
“What concerns me is, if that had been anybody else, we would get disciplined or sacked.”
The former council worker has called for those affected to be compensated.
She added: “They said the person has destroyed it, but how do we know that?
“The council are viewing this as low risk, but this isn’t low risk. Not in this day and age.”
GMB organiser Ude Adigwe said staff are right to be concerned and deserve more than assurances that such an error will not happen again.
He said: “This is a very concerning incident and poses serious questions about the council’s data management processes.
“Staff deserve more than a simple assurance from the council that policies and procedures have been tightened.
“They deserve an investigation, the fullest possible explanation of how this happened and to be told exactly what measures are being taken to stop it happening again.”
A spokesperson for South Lanarkshire Council said: “A spreadsheet containing anonymised employee data was uploaded to a website in response to a freedom of information request.
“Unfortunately as a result of human error, the spreadsheet contained a second page of personal data that had not been anonymised. The error was noticed by the council and we arranged for that data to be removed.
“To the best of our knowledge the information was not accessed, and we believe the data could not be used in a way that would be harmful to those involved.
“However, I can confirm that we are contacting those affected by the error and we have reported the breach to the Information Commissioner.”