Blunder as council publishes care home resident payments data online

editorial image
  • Council publishes monthly list of all invoices more than £500
  • But a resident found surnames normally redacted linked to social services supplier payments
  • A spokesman said no individuals can be identified
Have your say

DETAILS of vulnerable people under adult social services have been published on the council’s website.

Portsmouth City Council has to publish each invoice it pays that is more than £500.

We treat data protection with the utmost seriousness

Michael Lawther

Officers usually redact personal information but a list published on the council’s website contained 300 surnames – not all under social services – and around 20 suppliers’ addresses.

None of the information would identify individuals, a city council spokesman said.

Jerry Brown, 58, found the names in the list published for February. He said at least six care homes were listed as suppliers with a person’s name, which he said could be the name of the resident.

He said: ‘Clearly they could be targets for people.’

He said drug rehabilitation service suppliers were also listed, with a corresponding surname.

He added: ‘If you had the name of the service provider, which you did, then it’s not too hard to work out.’

A council spokesman said no-one could be identified by the published data, which has since been taken down.

Mr Brown said the payments could be related to individual’s personal allowances received under social care. But the council said this is not the case and a second figure related to project payments to a supplier.

Mr Brown raised the alarm on Friday but staff had finished for the day. He contacted councillors via text and email and the data was removed by Saturday.

Councillor Gerald Vernon-Jackson, leader of the opposition, said: ‘It’s really worrying because that’s putting the names of the most vulnerable people in Portsmouth out there for anybody to have.’

The council has informed the Information Commisionsers’ Office, while Mr Brown said he had posted on Twitter to the ICO about the incident.

Michael Lawther, the council’s senior information risk officer, said: ‘An error meant information we publish on our website every month was presented in a different format which included some surnames, but this is not anything it was possible to identify individuals from.

‘Once we became aware of concerns we removed the information as soon as possible.

‘We are confident only a very small number of people accessed the file before it was removed and will be contacting them to ensure the information is destroyed.

‘We treat data protection with the utmost seriousness.’

Mr Brown said he will not tell the council if he has deleted the data until the authority has tracked down who else has downloaded it.

He said the council did not remove it quickly enough.