Personal data on 2,376 citizens of the London Borough of Islington was published online after the council accidentally included it in its reposnse to a Freedom of Information Act request.
In May, an FOI request was submitted to Islington Borough Council via the WhatDoTheyKnow.com website. Last month, the council accidentally replied with a Microsoft Excel spreadsheet that contained data relating to council housing applications, including the name, marital status and sexuality of applicants.
WhatDoTheyKnow.com makes FOI responses available to access over the web, so the data passed into the public domain.
At first, some of the data was immediately visible in the Excel file and some was contained in hidden sheets. Seemingly having noticed its error, the council resupplied the files, but some of the data was still contained in hidden sheets, and therefore easily retrieved by anyone who downloaded the file.
The breach was identified by a volunteer at mySociety, the organisation that operates WhatDoTheyKnow.com. It informed the council and the ICO last week. The website’s logs indicated that the file was only downloaded seven times, mySociety said on a blog post about the incident.
Islington council is not the first organisation to fall foul of data hidden in Excel files. In January, pharmaceuticals giant AstraZeneca had to restate its financial forecast after "out-of-date planning information" was "inadvertently embedded in a spreadsheet template" sent to investment analysts.
It is the second data protection embarassment for the council this year, however. In April, 10 people facing a ban from a council estate for anti-social behaviour were given the names and addresses of the people who complained about them.