Evening Telegraph

Local council could get huge fine after employee sends personal data to 1,000+ landlords

A local authority has been forced to report itself to the Information Commissioner’s Office (ICO) after admitting a massive data breach.

Perth and Kinross Council could face a huge fine after revealing the personal email addresses of more than 1,000 property owners.

A staff member sent an email about an upcoming course on property management to every one of the landlords on its database.

Instead of masking the addresses, they sent the email to include them all – so every one of them could be read by each recipient.

Another email was sent a short time later asking every landlord to ignore and delete the offending message and confirming the council had confessed to the ICO about the breach.

Perth and Kinross Council will now face an anxious wait to discover what action the ICO will take, as the 2018 Data Protection Act gives the power to impose a fine of up to 20 million euros (£17 million).

A spokesman for the council said: “We take our responsibilities as a controller of personal data extremely seriously, and have reminded all staff of the importance of protecting that.”