Tuesday 26 July 2011

Probe after local council puts planning applicants' private information online

A MAJOR investigation has been launched after a county council uploaded personal information online, including birth certificates, bank account details and drivers' licences.

The Data Protection Commissioner is investigating the breach by Meath County Council, who only removed the sensitive data when it was notified by a member of the public.

However, last night the council told the Irish Independent they had "no way of knowing" how many people's personal details were uploaded onto the internet -- or whether the personal data had been left in planning files which were available for viewing in their offices.

It was also unable to indicate when the planning applications dated from.

Last night, a spokeswoman said the planning process was public and "every document submitted was part of the public record".

She could not clarify if bank details, birth certs and other sensitive documentation were available for viewing in their office but said staff had been advised to remove this information when giving a file for inspection "until the data protection issues are clarified by Data Protection Commissioner".

Rebecca Meade, whose birth certificate, driver's licence, bank account number, car insurance certificate and vehicle registration certificate were among the items uploaded, said she was "shocked" at the breach.


Ms Meade, of Castletown, Co Meath, sought planning permission in January for a one-off house.

Meath County Council has a Rural Housing Policy that meant applicants must prove they are from the area, or had been living there for some time.

"I had to prove that it was our family's land that I wanted to build on, that's why I had to submit the documentation," said Ms Meade.

"I would have expected that it would all have been kept private. It's just plain stupid to put all that stuff online."

Meanwhile, another planning permission applicant who did not wish to be named, said he was able to view the details of many of his neighbours in Meath before the information was removed.

He also said the publication of the details explained why he had so many builders and tradesmen contacting him last year.

"I got an awful lot of calls from tradesmen after I got the commencement notice," he said.

"I couldn't understand where they got my number from and I asked one of them.

"And he told me 'sure you can get all that stuff in the council office'.

"I had my home address on the application as well and a few builders called to the house and spoke to my mother, asking if I needed work done."

In 2010, 1,203 planning applications were received by Meath County Council, and 1,478 in 2009.

Last night, the council said it received a complaint "regarding a possible breach of data protection on its online planning facility", which went live last Monday.

It said the facility was disabled and a review of data management launched.

However, no internal investigation is taking place.

A spokeswoman said they would contact all those whose personal information had been uploaded.

But she could not confirm whether the sensitive data had been available in paper planning files that anybody could view in their offices. She also said that they were allowed to make mobile phone numbers available as part of the public planning system -- but a spokeswoman for the Data Commissioner's Office said that no contact details could be made public.

In 2006, a new application form was published with a detachable page "to ensure that these personal details could be removed prior to the publishing of planning applications on the planning authority's website".

A spokeswoman for the Data Protection Commissioner confirmed that they had received a data-breach report from the council that they were now investigating, as well a complaint from a member of the public.

Edel Kennedy
Irish Independent


No comments: