Twenty authorities have received reprimands from the information commissioner’s office due to data breaches related to freedom of information requests.
These breaches involved unauthorized access to personal data within the system used by Manx public bodies for recording and managing such requests. The information commissioner’s office emphasized the importance of publishing the reprimand, citing a clear public interest.
The affected bodies have been given a deadline of July 28 to address the breach issues and take appropriate measures.
Previously, it was revealed that a senior officer at the Cabinet Office had accessed information from 540 requests on over 1,200 occasions between April 1, 2022, and March 22.
Deputy Commissioner Nicola Whiting justified the decision to make the reprimand public based on the extensive nature of the unauthorized access, the wide range of public authorities affected, and the purpose behind the processing of the compromised personal data.
The breach primarily revolved around ongoing access to freedom of information requests by an individual after the administration of the iCasework system had been transferred out of the Cabinet Office.
The reprimand was issued by the information commissioner’s office due to the severity of the matter, the extent of unauthorized access to personal data, the lack of appropriate technical and organizational measures, and the absence of contracts with the person responsible for processing the details.
While the investigation into the 20 public authorities is now complete, except for confirmation of the completion of required actions, an ongoing investigation continues into other related matters, as stated by the information commissioner’s office.
