Barrow council reported to regulator for data breach involving names and full addresses

Members of Barrow council have handed themselves over to the Information Commissioner’s Office following an inadvertent data breach in which names and addresses of Barrow taxi drivers were mailed to other cab drivers, the Mail reports.

A total of 24 cabbies licensed to operate in Barrow were contacted by the borough council in October to remind drivers that mid-term examinations were due on vehicles.

But a small printing malfunction put other taxi drivers’ names and addresses on the flipside of the letter, which amounts to a data breach under the terms of the General Data Protection Regulation (GDPR).

As soon as the indiscretion had been discovered, Barrow Borough Council sent out a letter of explanation to the 24 victims.

In the letter, Barrow council’s public protection manager, Graham Barker, said:

“Changes have already been made to our IT system to prevent this from occurring again and I sincerely apologise for this error.”

“We contacted the small number of individuals involved because we wanted to be open and transparent about this error, to offer our apologies and to let them know that we have put controls in place to prevent it occurring again,” he added.

Speaking to The Mail, Mr Barker said that the council did not feel that individuals whose details were compromised are likely to be adversely affected by the breach.

One of the victims said:

“The council has access to huge amounts of personal data, thousands of people, and you’d expect there would be serious consequences for whoever made a mistake like this.”

Transparency and prompt action in the face of data breaches are major themes of the GDPR which stipulates that organisations must report a breach to the regulator within 72 hours of its discovery.

If an intrusion is likely to adversely affect victims involved, then the organisation culpable for the data breach is obliged to contact data subjects, notify them of the situation and explain steps to take to minimise further damage.


The inaugural Data Protection World Forum (DPWF) was held on November 20th & 21st 2018 at the ExCeL London and welcomed over 3,000 delegates seeking the very latest insight on data protection and privacy.

Pre-registration for DPWF 2019 will be opening in the coming weeks.

https://www.dataprotectionworldforum.com/