THE Department of Work and Pensions (DWP) published more than 6,000 people's personal data online after they applied for benefits, it has been revealed.
Bungling officials apologised tonight after leaving what is understood to be a list of National Insurance numbers on the web for more than two years.
It is thought the personal data belonged to 6,441 people who were applying for disability benefit PIP, with lawyers calling it a "serious breach" of data protection, The Mirror reports.
In 2018 DWP officials listed thousands of payments for individuals' disability benefit assessments, alongside what are understood to have been people’s National Insurance numbers.
The spreadsheet containing the numbers was only removed on Monday.
Data protection lawyer Jon Belcher, of Blake Morgan, told the Mirror: “Assuming the data in the spreadsheets consists of national insurance numbers relating to individual PIP claimants, then this does appear to be a breach of data protection law.”
He added: “Because of the numbers of individuals involved, the sensitivity of the information and the length of time this information appears to have been publicly available, this is potentially a serious incident.”
A second lawyer, Jonathan Compton of DMH Stallard, agreed the error appeared to be a breach of the law.
He said the case would rank as “serious but not grave”, as no names or addresses were published but said the people involved being disabled, was an “aggravating factor”.
Nine-digit combinations of letters and digits – exactly matching the format for National Insurance numbers – appeared next to payments for PIP assessments and “factual reports”.
The Information Commissioner – which has powers to fine organisations up to £17.8million – is now examining the blunder and could launch a formal investigation.
A spokeswoman for the IC said: “People have the right to expect that organisations will handle their personal information securely and responsibly.
“The DWP has made us aware of an incident and we are assessing the information provided.”
A DWP spokesperson said: “Information issued in error as part of our regular transparency releases has been removed and will be replaced with revised data as soon as possible.
"While no one can be identified from the additional information published, we apologise for the mistake.
“We take our responsibility to protect data very seriously and have reported the incident to the Information Commissioner’s Office.”
Source: Read Full Article