29 July 2012

TooMuchInfo

The UK Pink News site reports Islington Council (north London) has "published details of the sexual orientation of over two thousand tenants after an error with a Freedom of Information request last month".

That disclosure resulted from an FOI request through the WhatDoTheyKnow.com site ... leading one contact to propose setting up TheyDontNeedToKnow.com and TooMuchSharingByLazyBureaucrats.com sites.

The report indicates that -
For nearly three weeks, the names, addresses, relationship status, gender, ethnicity, and religion details of 2,376 residents were available online through the Freedom of Information request website WhatDoTheyKnow.com. 
On 26 June, the housing department responded to a request that had been filed through the website, where responses to queries are automatically published, about ethnicity and gender of people who had applied for council housing. 
But the spreadsheets it sent back included names, marital statuses and addresses of nearly 2,400 residents, along with their stated sexual orientation. Some personal information was visible, some was in ‘hidden sheets’ in the emailed attachments. 
MySociety.org, which created the FOI request website, reports on the accidental leak that while some of the personal data was not immediately visible, anyone with basic knowledge of spreadsheet software could uncover it.
MySociety is promoted as -
We build websites that give the public simple, tangible ways to connect with and improve their society. As well as offering tools directly to the public we provide integration and development services for local authorities, corporates and government. 
The UK Information Commissioner’s Office was informed by MySociety but as yet hasn't publicly commented.

I particularly like the closing para of the report -
At the time of that leak, Labour councillor Richard Greening had said: “We will more or less guarantee this won’t ever be repeated.”
More or less?

MySociety reports that -
On the 26th June the council responded to the FOI request by sending three Excel workbooks. Unfortunately, these contained a considerable amount of accidentally released, private data about Islington residents. In one file the personal data was contained within a normal spreadsheet, in the two other workbooks the personal data was contained on four hidden sheets. 
All requests and responses sent via WhatDoTheyKnow are automatically published online without any human intervention – this is the key feature that makes this site both valuable and popular. So these Excel workbooks went instantly onto the public web, where they seem to have attracted little attention – our logs suggest 7 downloads in total. 
Shortly after sending out these files, someone within the council tried to delete the first email using Microsoft Outlook’s ‘recall’ feature. As most readers are probably aware – normal emails sent across the internet cannot be remotely removed using the recall function, so this first mail, containing sensitive information in both plain sight and in (trivially) hidden forms remained online. 
Unfortunately, this wasn’t the only mistake on the 26th June. A short while later, the council sent a ‘replacement’ FOI response that still contained a large amount of personal information, this time in the form of hidden Excel tabs. As you can see from this page on the Microsoft site, uncovering such tabs takes seconds, and only basic computer skills. 
At no point on or after the 26th June did we receive any notification from Islington (or anyone else) that problematic information had been released not once, but twice, even though all mails sent via WhatDoTheyKnow make it clear that replies are published automatically online. Had we been told we would have been able to remove the information quickly.
Drumroll for a group hug at MySociety -
It was only by sheer good fortune that our volunteer Helen happened to stumble across these documents some weeks later, and she handled the situation wonderfully, immediately hiding the data, asking Google to clear their cache, and alerting the rest of mySociety to the situation. This happened on the 14th July, a Saturday, and over the weekend mySociety staff, volunteers and trustees swung into action to formulate a plan.
There are rationales [PDF] for collection of information about sexual affinity, relationship status or other attributes and for the publication of aggregate/anonymised data. A mechanistic dissemination - just press 'send' - of personal information that may or may not have been provided on a confidential basis and that should be treated with care is unacceptable for a range of reasons, including that evident disregard for potential sensitivities erodes the trust needed for legitimate information collection/handling in the public sector.
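
The hidden-sheet failure in the MySociety account above can be caught before 'send' with a pre-release check. The following is an added example, not code from MySociety or the council; it assumes the attachment is an .xlsx file, and the function names and the sample sheet names are hypothetical.

```python
import io
import xml.etree.ElementTree as ET
import zipfile

# Transitional SpreadsheetML namespace; used only to build the sample below.
MAIN_NS = "http://schemas.openxmlformats.org/spreadsheetml/2006/main"

def hidden_sheets(xlsx_file):
    """Return [(name, state)] for every sheet not shown in the tab bar.

    xlsx_file: path or binary file object for an .xlsx workbook.
    state is "hidden" or "veryHidden", as recorded in xl/workbook.xml.
    """
    with zipfile.ZipFile(xlsx_file) as zf:
        root = ET.fromstring(zf.read("xl/workbook.xml"))
    found = []
    for el in root.iter():
        # Match on local name so strict and transitional files both work.
        if el.tag.rsplit("}", 1)[-1] == "sheet":
            state = el.get("state", "visible")
            if state != "visible":
                found.append((el.get("name"), state))
    return found

def safe_to_release(xlsx_file):
    """True only when the workbook has no hidden or veryHidden sheets."""
    return not hidden_sheets(xlsx_file)

def build_sample(sheets):
    """Constructed input: a minimal .xlsx container with only workbook.xml."""
    rows = "".join(
        f'<sheet name="{name}" sheetId="{i}" state="{state}"/>'
        for i, (name, state) in enumerate(sheets, 1)
    )
    xml = f'<workbook xmlns="{MAIN_NS}"><sheets>{rows}</sheets></workbook>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("xl/workbook.xml", xml)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    sample = build_sample(
        [("Summary", "visible"), ("Applicants", "hidden"), ("Raw", "veryHidden")]
    )
    for name, state in hidden_sheets(sample):
        print(f"BLOCK RELEASE: sheet {name!r} is {state}")
```

The check covers hidden tabs only: it does not read legacy .xls files, hidden rows or columns, or personal data sitting in a visible sheet, which was the case for one of the three workbooks described above.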