Three Welsh councils' electoral roll data breaches probed

An inquiry is under way after three Welsh councils said people's personal data may have been mistakenly sold.

The Information Commissioner's Office (ICO) said it was concerned about incidents involving Rhondda Cynon Taf, Caerphilly and Torfaen.

Their electoral rolls were passed to credit reference agencies, including details which should not go to third parties.

A computer software error has been blamed.

The credit ratings agency Experian said the error could result in some people receiving unwanted marketing literature.

An edited version of the information can be sold to third parties, like marketing organisations, for commercial use.

An ICO spokesperson said: "The full version of the electoral register should only be used for elections, preventing and detecting crime and checking applications for credit.

"Any suggestion that it has been made available for other purposes raises clear data protection concerns.

"We will making enquiries into the potential data breach.

"This will include considering whether the problem has implications for other councils."

A letter from Rhondda Cynon Taf council to residents said it mistakenly sent out a full version of the electoral roll in March, without the appropriate marker showing who had opted to keep their details private.

It said it could not be sure if anyone's information had been released but that it had tried to rectify the breach as soon as it became clear.

The authority has voluntarily reported itself to the ICO and will begin an internal investigation.

A spokesperson said: "The council took immediate steps to prevent the further distribution of information, and contacted the Information Commissioners Office to inform them of the breach. We also wrote to each of the individuals concerned.

"The council apologises for this error, but believe it has taken action swiftly to deal with it as soon as it came to light."

Caerphilly council said 23 people had been affected. The credit reference agencies were immediately notified and an updated register provided.

Torfaen council said four residents had been affected.

A spokesman for Torfaen said: "As soon as we were made aware of the problem the data was amended. We are writing to the people affected to inform them about the issue".

A spokeswoman for Experian said: "We are aware of an isolated issue affecting a limited number of electoral roll records recently sent by local councils to the credit reference agencies.

"Due to a problem with the third-party software used by a small number of local authorities, some records were not correctly marked as "opted out" of the edited version of the electoral register, which can be used for marketing purposes.

"According to the information we received from the third-party software company, a very low number of people are likely to be impacted i.e. the number of records per local authority impacted is likely to be in the range of 10 to 100."

Experian had not supplied any data received from Welsh local authorities to any of its clients for marketing purposes, she added.

On the wider issue of the software error, she said: "It may mean for some people that they might receive some marketing information they might have preferred not to receive."