Home   News   Article

Subscribe Now

Stratford District Council worker given caution by police after stealing 79,000 residents’ email addresses




A council worker who stole 79,000 email addresses has been given a caution by police.

The breach came to light in November, and it revealed this week that an employee of Stratford District Council took the emails in order to promote a business not related to the council.

Alarm bells rang after a number of residents complained to the council about unsolicited emails.

Elizabeth House, Stratford District Council's headquarters.
Elizabeth House, Stratford District Council's headquarters.

The identity of the thief is being protected. They no are no longer employed by the council, but the circumstances of their leaving has not been revealed.

Investigations showed that the data breach included a database of email addresses which had been supplied to the council by district residents who subscribe to the garden waste collection.

Further investigations found that the breach also extended to a database of email addresses of Warwick District Council residents held by SDC as part of the joint working between the two Councils.

Due to the theft of personal information, the matter was also referred to Warwickshire Police who carried out their own investigation and have issued the individual concerned with a caution for knowingly/recklessly obtain or disclose personal data without the consent of the controller (offence under Data Protection Act 2018).

Such cautions are often seen as a ‘slap on the wrist’ or a ‘first warning’ for low-level crime. It means the individual has accepted their guilt, but it avoids a prosecution and is not a conviction. The caution remains on a person’s record, and will be disclosed if they apply for certain jobs.

A spokesperson for SDC commented: “The member of staff is no longer employed by the council and has sincerely apologised for their actions and assurances have been received from Warwickshire Police, that all the information that was taken has been deleted.”

The matter was reported by both councils to the Information Commissioner’s Office – who deal with data protection issues – and they have confirmed that under the circumstances they will not be taking any action against either authority.

David Buckland, SDC chief executive, said: “On behalf of the council I would like to apologise for this data breach. When the council was alerted to this, we immediately began a full investigation to understand how this happened.

"It is important to stress that this information only contained email addresses, it did not contain any bank details, or names and addresses. We have concluded through our investigations that this data breach was a deliberate act by an individual, and not a breakdown of the robust internal controls we have in place.”

Mr Buckland continued: “I would like to reassure residents that this was an isolated incident. The district council takes the protection of people’s data seriously and the systems we have in place are safe.”

Chris Elliott, Warwick District Council chief executive, added: “Despite the robust procedures in place to protect resident’s information, it has been very disappointing to find that an employee has acted independently for their own gain. I would like to reassure our residents that this was an isolated incident, and I am satisfied that the necessary steps have been taken and the data breach is now resolved.”



This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies - Learn More