Leicester City Council scores home goal with fourth data breach this year

Can you trust your local council with personal data, such as passport numbers and dates of birth, as well as your address? It seems people are beginning to question whether they can, especially regarding Leicester City Council, after its fourth data breach this year.

These days, you have to supply all kinds of information to do all kinds of things. “We need a paper bill from a utility company, or your paper driving licence,” they say — yet many of us get our utility bills online and paper driving licences are no longer issued.

But for Attaulah Mamozai and Sefat Mosukhel, who were applying to Leicester City Council for a refreshment licence to sell hot food until 4 am Mondays through to Saturday for their takeaway restaurant, providing all sorts of personal data as part of the application process seemed par for the course.

When, however, dates of birth, passport numbers, details of their immigration status and phone numbers and full addresses were published online by the council, they must have been a tad surprised.

Their application was turned down, but the question of their privacy seems to be another matter.

A spokesman for the council said: “We can confirm that some personal information relating to two applicants was mistakenly published online as part of a licensing application report.

“We became aware of this today and immediately took the report offline.

“We will be looking at how this happened, but at this stage, it appears to be down to human error.

That’s all very well, but four breaches this year suggests human error is quite common at this particular council. And when councils require private data to consider an application, they take on a responsibility.

City councillor Ross Grant was not impressed. He said: “It all just seems very familiar and I can’t see how anyone with an understanding of data protection could have made this mistake.

“It seems there is a culture of data protection issues and lack of training. It’s difficult to fathom why there have been so many similar incidents.”


The inaugural Data Protection World Forum (DPWF) will be held on November 20th & 21st 2018 at the ExCeL London which will provide a broader focus across the data protection and privacy space amidst the progressive tightening of global data protection laws.

Ahead of the end of year event, DPWF has launched a series of intensive workshops.

Further information on the DPWF and workshop details are available at: https://www.dataprotectionworldforum.com/