Housing association reprimanded after residents’ data compromised
A Clyde Valley Housing Association computer system enabled residents to access each other’s personal data.
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.A housing association has received an official reprimand after a new computer system enabled residents to access each other’s personal data.
Clyde Valley Housing Association received the reprimand from the Information Commissioner’s Office (ICO), the UK data protection regulator, following the launch of an online residents’ portal on July 14, 2022.
On the day the system went live, a resident contacted the housing association in Lanarkshire to say they were able to view other residents’ information, but the staff member who handled the call failed to escalate the matter.
The association eventually suspended access to the system on July 19 after receiving four further reports from other residents – meaning the personal information remained accessible for five days.
Jenny Brotchie, ICO Scotland regional manager, said: “While new digital products and services can improve the experience for customers, these must not come at the cost of the security of personal information.
“This breach was the result of a clear oversight by Clyde Valley Housing Association when preparing to launch its new customer portal.
“We expect all organisations to ensure they have appropriate security measures in place when launching new products and have tested them thoroughly with data protection in mind, as well as ensuring staff are appropriately trained.
“We will take action when people’s personal information is not protected.”
Eleven residents were found to have logged into the new system during the time it was live, and the housing association has contacted them to ask they do no share, copy, or make further use of the data.
The ICO recommended Clyde Valley Housing Association carries out rigorous testing on data protection before similar systems are rolled out in future.
It also recommended the association ensures its employees receive suitable data protection training.
Clyde Valley Housing Association has been contacted for comment.