Lancashire Police Authority criticised for leaking personal details on its web site

Body breached Data Protection Act by publishing details of an individual's confidential complaint

Lancashire Police Authority has been found to have breached the Data Protection Act after it published details of an individual's confidential complaint on its web site.

The police authority failed to remove the details, which were marked as restricted, from two documents before they were published online, the Information Commissioner's Office (ICO) said today.

Furthermore, the Lancashire Police Authority also failed to remove the information after the complainant made it aware of the breach, leaving the information online for a further four days before it was removed.

The ICO has not fined the authority but has ordered it to make sure that any information due for release on its web site is checked before it is published.

The authority has also agreed to introduce a new policy for staff, which explains the actions they must take when informed of a possible data breach.

Chief executive Miranda Carruthers-Watt has also signed an undertaking to ensure that procedures are introduced to make sure that all minutes and agendas are quality assured by an appropriate member of staff prior to being published on the authority's web site.

"While it is important that public authorities are transparent about the work they do by publishing information online, this should never be at the expense of an individual's rights to privacy," said Simon Entwisle, director of operations at the ICO.

"This case should act as a warning to all public authorities that information security must be seen as a priority across the organisation," he added.