ICO alerted after DWP publishes personal data of 6,000 benefit claimants

Written by Sam Trendall on 16 November 2020 in News
News

Department claims that ‘no-one can be identified’ from information published

Credit: Kirsty O'Connor/PA Wire/PA Images

Regulators have been alerted after the Department for Work and Pensions mistakenly published personal details of more than 6,000 claimants of the Personal Independence Payment benefit.

Two spreadsheets – containing the National Insurance numbers of about 6,400 people that claim the benefit – were first published in 2018, and the data remained publicly available online for more than two years. This was recently spotted by privacy advocacy group Big Brother Watch, and then reported on last week by the Mirror – which alerted the DWP.

The spreadsheets have now been taken down, and the department said that it has informed the Information Commissioner’s Office of the incident.


Related content


“Information issued in error as part of our regular transparency releases has been removed and will be replaced with revised data as soon as possible,” a DWP spokesperson added. "While no one can be identified from the additional information published, we apologise for the mistake. We take our responsibility to protect data very seriously and have reported the incident to the Information Commissioner’s Office.”

A representative of the data-protection watchdog indicated that it was “assessing the information provided” by the DWP and considering if further action is required.

PIP, which was introduced in 2013, replaced the Disability Living Allowance and provides financial support for those with a disability or long-term health condition. About 2.6 million citizens are eligible to claim – around a third of whom are entitled to the maximum payout of £151.40 per week.

Jake Hurfurt, head of research and investigations at Big Brother Watch said: “The DWP’s reckless publication of data that could identify people receiving disability welfare is a gross violation of privacy. It underlines the department’s increasing appetite to hoover up and spit out welfare data without considering the reasons why they are processing it or even taking care to do so lawfully. The department needs to prioritise apologising to the people affected for putting their privacy at risk in the breach and warn them of the risk, instead of just removing the file and saying nothing.” 

 

About the author

Sam Trendall is editor of PublicTechnology

Share this page

Tags

Categories

CONTRIBUTIONS FROM READERS

Please login to post a comment or register for a free account.

Related Articles

Related Sponsored Articles

How Your Privacy Program is a Competitive Differentiator
29 January 2021

OneTrust presents the reasons why your organisation should invest in privacy management - and offers three easy tips for getting started 

Email security incidents happen every 12 hours – it’s time to close the gap in Microsoft 365
21 January 2021

The remote-first world has seen email being relied on more than ever as a core communication mechanism - but with 93% of IT leaders acknowledging a risk to sensitive data, what steps should be...

The rapid, low-risk cloud transition solution for Oracle customers
1 March 2021

Jointly, Equinix and Cintra enable organisations with mission-critical Oracle workloads to accelerate their journey to cloud, while minimising transition risks - here's how

How to Secure Your Microsoft Cloud Estate from Phishing Emails
8 February 2021

Phishing emails are one of the most pernicious threats facing organisations today. If you’ve been leveraging Microsoft 365 and Azure to keep your users productive whilst working remotely, Six...