THE personal details of around 15,000 council employees were published in a data breach at a Scottish council, it has been revealed.
We exclusively told earlier this week how the Labour minority administration in South Lanarkshire, propped up by the Tories and LibDems, scrambled to cover its tracks after the gaffe and reported the incident to the Information Commissioner.
The data breach came after the council responded to a Freedom of Information (FOI) request, put in through the website whatdotheyknow.com, asking to learn details “of all pay scales including scale points, grades, and values in use for each year for 1996 – 2021”.
READ MORE: Holyrood Weekly: Scottish independence at 'heart' of SNP General Election strategy
The GMB union said it will back any members at South Lanarkshire Council taking action if they suffered any financial loss as a result of the breach.
The council has confirmed a spreadsheet containing information about job titles, salaries and national insurance numbers was included in a freedom of information request about staff pay grades.
The local authority said it was a “human error” that the spreadsheet contained data that had not been anonymised.
This was spotted by the council, which said it arranged for the data to be removed.
However, the data was available on the popular freedom of information website What Do They Know for around a month.
The breach also affects ex-employees as it included the data of those who worked for the local authority prior to 2021.
One ex-employee of the council said they thought the local authority was trying to sweep the breach under the carpet.
She said: “A lot of people aren’t happy about it.
“They said they have asked the person to wipe it, but it’s five or six weeks too late.
“The council is trying to brush it under the carpet.
READ MORE: Question Time: SNP issue response to Fiona Bruce interruptions
“There are a lot of people going to take legal advice and I’m one of them.
“The information is enough for any fraudster to use anything. Once they have your national insurance number, that’s all they need.
“What concerns me is, if that had been anybody else, we would get disciplined or sacked.”
The former council worker has called for those affected to be compensated.
She added: “They said the person has destroyed it, but how do we know that?
“The council are viewing this as low risk, but this isn’t low risk. Not in this day and age.”
GMB organiser Ude Adigwe said staff are right to be concerned and deserve more than assurances that such an error will not happen again.
He said: “This is a very concerning incident and poses serious questions about the council’s data management processes.
“Staff deserve more than a simple assurance from the council that policies and procedures have been tightened.
“They deserve an investigation, the fullest possible explanation of how this happened and to be told exactly what measures are being taken to stop it happening again.”
READ MORE: Pete Wishart: Yes convention won't succeed without code of conduct
A spokesperson for South Lanarkshire Council said: “A spreadsheet containing anonymised employee data was uploaded to a website in response to a freedom of information request.
“Unfortunately as a result of human error, the spreadsheet contained a second page of personal data that had not been anonymised. The error was noticed by the council and we arranged for that data to be removed.
“To the best of our knowledge the information was not accessed, and we believe the data could not be used in a way that would be harmful to those involved.
“However, I can confirm that we are contacting those affected by the error and we have reported the breach to the Information Commissioner.”
Why are you making commenting on The National only available to subscribers?
We know there are thousands of National readers who want to debate, argue and go back and forth in the comments section of our stories. We’ve got the most informed readers in Scotland, asking each other the big questions about the future of our country.
Unfortunately, though, these important debates are being spoiled by a vocal minority of trolls who aren’t really interested in the issues, try to derail the conversations, register under fake names, and post vile abuse.
So that’s why we’ve decided to make the ability to comment only available to our paying subscribers. That way, all the trolls who post abuse on our website will have to pay if they want to join the debate – and risk a permanent ban from the account that they subscribe with.
The conversation will go back to what it should be about – people who care passionately about the issues, but disagree constructively on what we should do about them. Let’s get that debate started!
Callum Baird, Editor of The National
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules here