Local authority disclosed names 1,400 of disabled people and their carers in now-removed spending data spreadsheet

The council claims it removed the information ’29 hours’ after being alerted  Credit: West Sussex County Council

West Sussex County Council (WSCC) has launched an investigation after wrongly publishing online the details of about 1,400 disabled people and carers.

The names were featured in a spreadsheet that was published as part of the council’s practice of disclosing all instances spending over £100. To help protect the identities of vulnerable citizens and those that care for them, their names should have been removed from these documents prior to publication.

However, according to the BBC, this redaction has been performed erratically since 2010, when the council first published spending data in this way. Last month data scientist Andrew Rowson alerted the council to the wrongly published details.

The council said: “As soon as the problem was reported to us, we removed the spreadsheet from the website in under 29 hours.

WSCC said that individuals’ names represented the only personal information contained in the spreadsheets. But the authority admitted additional checks could have allowed some of the people affected to be identified by anyone seeking to do so.

Related content

• “Unacceptable & inexcusable”: council hit with £70k fine for leaving vulnerable people’s info wide open
• ICO fines Islington Council £70,000 after website endangers 89,000 people’s data
• Probe launched into leak of more than 500 junior doctors’ personal details

“Although the spreadsheet contained transaction numbers and payment amounts, the only personal details recorded were names,” the council said. “We would like to reassure residents that the spreadsheet did not contain any sensitive personal data which would put individuals at risk, in the event that identification through data matching with alternative sources was carried out.” 

It added: “We accept that persons seeking to identify individuals could do so in some cases by making additional checks through other data sources. It is for that reason we removed the data.”

The council added that it is undertaking an investigation into the rest of its published spending information, and will work with the Information Commissioner’s Office in doing so.

“As a local authority, we are required to publish all expenditure data,” it said. “Our investigation is continuing and we will be carrying out further analysis of the data during this time closely following the guidance issued by the Information Commissioner’s Office.”

The not-for-profit fraud-prevention body Cifas offers local authorities a free service to protect vulnerable people from fraud. The Protective Registration for the Vulnerable offering imposes additional checks and monitoring on all applications for financial services made in the name of those considered at risk.