Showing posts with label email. Show all posts
Showing posts with label email. Show all posts

Tuesday 26 September 2017

Information Commissioner's Office calls on Brent Council to take measures to avoid future data protection breaches

Following the data breach by Brent Council when e-mail addresses of residents were sent to recipients of a message about a meeting acomplaint was made to the Information Commissioner's Office.

This is their response:

-->
You have contacted us to complain that Brent Council appears to have inappropriately disclosed your personal data.

Summary of case

In this case, your email address was cc’d into an email and disclosed to other individuals.

It would therefore appear that Brent Council has breached the Data Protection Act 1998 (DPA).

Role of the ICO

Our role is to ensure that organisations follow the Data Protection Act 1998 properly. If things go wrong we will provide advice and ask the organisation to try to put things right. Our overall aim is to improve the way organisations handle personal information.

Next steps

Although it appears that Brent Council has breached the DPA, it would seem that this is down to human error, and the ICO does not consider it necessary to take any further regulatory action at this stage.

However, we have contacted the council to advise them of our view. We have also asked that they take the following measures to ensure that similar breaches do not occur in the future:
  • To remind all staff to take extra due care and attention when sending emails by double checking addresses and only sending out relevant and appropriate information in future.
  • To use the bcc feature when sending emails to numerous individuals with external email domains, to ensure that email addresses are not disclosed to other parties.
  • To check that all staff have undertaken data protection training within the last 12 months.
  • Inform any other parties whose data may have been inappropriately disclosed in this case.

Although we do not intend to take any further regulatory action on this case, this will remain on our systems to help us build a picture of Brent Council’s information rights handling.

We will continue to monitor the council’s data protection practices, and should any regulatory action be taken against them in the future, your case may form a part of our intelligence against them. You can view any regulatory action we do take on our website, using the following link: https://ico.org.uk/action-weve-taken/

Friday 1 September 2017

Data protection breach by Brent Council

Brent Council accidentally released more than 1,000 email addresses yesterday when it failed to blind copy recipients of an email about a meeting of Brent Disability Forum.

The list included the private email addresses of people on Brent Connects email lists and the Citizens Panel. The list may have been spread wider if recipients forwarded the details (it was about a change of venue) to other parties.

An apology was issued after the breach:
This is to apologise for sending out email address list. This was done in error in regards Brent Disability Forum – Change of venue.
I undestand that at least one of the people affected has  complained to the Information Commissioners Office.

Brent Council has not yet responded to my request for a statement.

Friday 14 March 2014

Email Fraud: Will the new broom reach into some murky corners?

Guest blogger Meg Howarth continues to press for answers in 'The Case of the Fraudulent Emails'. It should be straightforward but...

New brooms generally sweep clean, so it's to be hoped that Brent police's freshly appointed borough commander, Chief Superintendent Michael Gallagher, has already put his officers to work on a thorough investigation into this affair (WM 13 March). Brent Council may technically be the 'victim' of this email scam but it's local residents whose addresses were stolen and abused (alongside some out-of-borough suspect comments). It's they who are the real victims. 

It shouldn't be forgotten, either, that it's Brent's incompetence that allowed its IT planning system to be spoofed in this way. While the council may have now got its online act together, some of its constituents are awaiting an answer to the question: who stole their addresses in an apparent attempt to aid developer Andrew Gillick's change-of-use planning application for Kensal Rise Library? Would matters have been cleared up sooner if the council originally passed all of its information to Action Fraud (WM 27 Feb, also 4 & 6 Feb)? Residents, not procedures, must now come first.

Given the on/off, toing and froing over this business - from no inquiry on 31 January to a change of police mind, the involvement of Kensington and Chelsea police, and finally Brent - the sad reality is that it seems as if the sifting of what police have termed the 'complex' evidence of apparent fraud has fallen to the local force. If its investigation can't be completed before Mr Gillick's latest planning application - submitted on 7 March - goes before Brent's planning committee, the developer's application must be put on hold pending the outcome of its inquiry. This is in everyone's interests, including that of the applicant himself. 

To date, the council has argued that under the provisions of the Town and Country Planning Act 1990 it

'has a responsibility and obligation to consider any valid planning application that is put forward from any individual(s). It must consider each on its merits in accordance with its statutory obligations'. 

As a member of Brent's Planning and Regeneration team has admitted, attempting to influence a planning decision (itself a criminal offence) through fake emails is 'not mentioned in the [1990] Act'. Bizarrely, instead of drawing what most would see as the obvious conclusion - putting an application on hold until an active police inquiry is complete - the officer concludes: 

'...consequently the LPA [local planning authority, in this case Brent] could not decide to decline any application that was submitted to it for consideration, providing that it met the validation requirements that apply to all planning application submissions'...!

Why not? Isn't an active police inquiry sufficient reason - just as someone might be suspended from a job while an  investigation into his/her conduct is underway? If Andrew Gillick is exonerated, his planning application can then be considered free from this long shadow. 

Footnote: Michael Gallagher began work as Brent's police boss on 3 March. A one-time member of Scotland Yard's Specialist Crime directorate, his previous posting was in Lewisham. Prior to that he was deployed in Lambeth.

Thursday 13 March 2014

Has email planning fraud probe been downgraded?

Guest blog by Meg Howarth
 
It seems that the investigation in to the fake online email support around Andrew Gillick’s original planning application for Kensal Rise Library is now in the hands of Brent police. To date, it had been understood that the Kensington and Chelsea force - the developer’s office is sited in the borough - was dealing with the matter after it was passed evidence and information about the misuse of addresses by the City Police National Fraud and Investigation Bureau (NFIB) - Wembley Matters, 27 February.

Today, however, west London journalist Hannah Bewley is reporting that the local force is now in charge of the inquiry in to whether the allegation of fraud can be substantiated. This is allegedly because Brent Council is technically the ‘victim’ in this sordid affair - it was to the council planning department that the emails were sent. 

As the council spokesman quoted in the Local Government Chronicle on 6 November 2013 stated: ‘It is clear that a number of the emails came from bogus email addresses but, unfortunately, it is not so clear that this necessarily constitutes a criminal offence’ LINK

Evidence of misuse of addresses was first brought to the council’s attention in September of last year, and today’s update suggests a police decision is likely to take some time yet: ‘Due to the complex nature of the evidence, the [Brent police] review may take a while for a decision to be arrived at’. It is six months since the matter was reported to the council, How much longer must local residents wait? 

To some local residents the handing over of the inquiry to Brent police appears like a downgrading of the affair. If Brent Council is the victim, why was the matter ever sent over to the Kensington and Chelsea force? Was this incompetence by the NFIB or a misunderstanding?

Meantime, Andrew Gillick submitted a revised change-of-use planning application for the Kensal Rise Library site on 7 March...

Wednesday 19 February 2014

How to opt out of the NHS care data scheme

At a meeting last night I couldn't find anyone who had received their letter about the sharing of individual's medical data so it is good news that implementation has been delayed for six months.

There are concerns about the security of the system and its possible misuse. This was discussed in the Guardian 18 months ago: LINK

If you decide you want to opt out of the system, which is your right, Fax Your GP Com LINK have set uo an easy facility. This is what they say:

We’re a very small group of volunteers who think it should be very easy for people to opt out of the new NHS care.data centralised database of medical records.

Unless you opt out now, care.data will soon store the medical records of everyone in England, yours included, in one giant database.

Our confidential health information will then be shared with companies and other public bodies.

Some people we respect think care.data is, on balance, a good thing.
Some people we respect think care.data is, on balance, a bad thing.

What we know for certain is that the NHS hasn’t made it easy for you to exercise your right to opt out. We think this really isn’t wise.

The NHS leaflet explaining care.data says you should ‘let your GP know’ if you want to opt out.
But GP surgeries are busy. If you ring up wanting to opt out they’ll ask you to write to them instead. That’s fair enough – their priority is treating the sick.

It’s 2014. The NHS really should have made it easy to opt out via the web.
So we thought we’d help out.

First, we found the fax numbers for every GP practice (sadly, very few let you email them). After you’ve entered your details, our clever computers automatically fax your letter asking to opt-out of the care.data database straight to your GP practice.

It’s free. It’s secure. And we don’t store any of your personal data once your opt-out fax has been received by your GP. So we won’t email trying to sign you up for other campaigns.

Sadly we can’t make any 100% watertight promises that this site will always work. Your GP’s fax number might be listed incorrectly on the NHS website, for example.

So if you want total reassurance, it might be best to print out an opt out letter and pop it round to your GP yourself.

However, we have done this sort of thing before, and so know it works well. Back in 1999/2000 some of us built FaxYourMP.com, to make it easy for people to contact their MP, since in those days most MPs didn’t publish their email addresses. A bit like GPs, today, in fact.

We didn’t expect to have to resurrect a similar service nearly 15 years later. Frankly, we shouldn’t have had to, but needs must.

— Stef Magdalinski and friends.

The Keep Our NHS Public leaflet downloadable below contains an opt-out letter you can take to your GP:


Thursday 6 February 2014

Police may look again at email fraud evidence in Kensal Rise development

The Evening Standard LINK  is reporting tonight that the police are set to launch an inquiry into the fraudulent emails that supported developer Andrew Gillick's planning application for the Kensal Rise Library building.

Hannah Bewley, who reports on Brent for the Harrow Observer, however has uploaded a story LINK that states:
A spokesman for Kensington and Chelsea police, which is dealing with the investigation, said: “Police have been informed that there is further evidence to support the allegation of fraud and are awaiting receipt thereof. A decision whether to progress the allegation will be made after all the evidence has been scrutinised.”
Clearly that raises the question of whether all the information was handed over by Brent Council  or perhaps the 'further evidence' is from individuals whose names and addresses were used without their consent. 

Whatever the case news that the police are now taking the issue seriously after their earlier dismissive attitude is welcome.


Wednesday 8 August 2012

Warning: Navin Shah's email account hacked in scam

Navin Shah's office has sent an urgent message after his contacts received an e-mail purporting to be from him asking for money after he had been held up by armed robbers  in Spain. This is a version of a fairly common scam that is sent out to all the people in the victim's address book after the account has been hacked.

IGNORE NAVIN SHAH'S E-MAIL

Dear all,
Navin Shah's personal account has been hacked so please delete it and take no action if you received it. Navin is currently in India, in case you have tried to contact him to tell him about the fraudulent.
Apologies for this.
Kind regards,

Sophie
Sophie Kimber
PA to Navin Shah AM
London Assembly Member for Brent and Harrow
London Assembly Labour Group
City Hall
The Queen's Walk
London SE1 2AA