The Information Commissioner’s Office (ICO) has revealed that the Walsall Council breached the Data Protection Act by "accidentally dumping" hundreds of local residents’ postal vote statements in a skip.
An investigation carried out by the information watchdog found that the council did not have a contract in place with the organisation processing the personal information of residents.
The council also failed to provide their contractor with instructions on how the information should be kept secure, as required under the Act, found the probe.
The ICO said the statements – which were disposed of in March 2011 by an external contractor on the council’s behalf – included people’s names, addresses, dates of birth and signatures.
Despite the council’s best efforts, 951 statements have not been recovered and are believed to have ended up in landfill or been destroyed, added the ICO.
Subsequently the ICO asked the council chief executive Paul Sheehan to sign a formal undertaking to ensure that contracts are put in place with all suppliers hired to process personal data on the council’s behalf.
ICO Director of Operations Simon Entwisle said: "While councils can hire contractors to process personal information on their behalf, they must remember that they are still ultimately responsible for ensuring people’s information is kept secure. Obviously little thought was given to this when the statements were disposed of in the skip."
"We are pleased that Walsall Council has now taken action to make sure that adequate security measures are put in place."
The ICO said that the council will also make sure that sufficient guarantees are agreed with their suppliers and will carry out checks to make sure that their own data protection polices and information security procedures are being followed.
