Local authorities are being reminded of their obligations under the Data Protection Act to protect people from identity theft by restricting the amount of personal information which they publish on their websites. It follows a complaint against a Scottish council that was upheld by the Information Commissioner’s Office.
Ken Macdonald, Assistant Commissioner for Scotland at the ICO, has written to all Scottish local authorities following the complaint against Perth and Kinross Council, which published the signature of a member of the public on the Internet. He has underlined the need to take care with personal information such as phone numbers and signatures that may be used on their websites.
“In an age where the threat of identity theft is increasingly real, individuals must be able to trust organisations to look after their personal information,” Mr MacDonald said. He added that local authorities were obliged to publish certain information, such as details of planning applications or applications for various trading licences and some of these could include personal information about an individual. However, it was important, he said, that they did not publish other information unnecessarily as this could breach the Data Protection Act.
“Public authorities have a legal obligation to keep residents’ personal information secure. In addition, individuals should be informed which elements of their personal information will be published on the Internet,” Mr. MacDonald said.