Confidential details revealed on Cheshire West and Chester website

A COMPUTER expert alerted Cheshire West and Chester Council to questionable data entries on its website including the disclosure of confidential details of vulnerable children.

John Murray, of Handbridge, raised alarm bells over the Open Data section of the council website which records all spending transactions of more than £500 in line with Government best practice.

A data analyst by profession, Mr Murray was accumulating spending data for a number of authorities, including Cheshire West, when he noticed an inconsistent approach to removing the details of certain suppliers.

He said: “There were 4,206 such transactions where the same supplier ID had been redacted in other records. The majority of these are payments to organisations.

“However, I also observed unredacted payee names including 188 direct payments to adult social care clients and/or their carers, 15 payments for adult day and respite care, 113 payments to foster carers, 11 payments to disabled children and their carers and 37 adoption allowance payments.

“Additionally I noticed small numbers of payments to casual staff and for employee training.”

Mr Murray, who found the sensitive data also copied to several other websites, is calling for the council to refer the matter to the Information Commissioner’s Office.

He added: “As a professional with Data Protection responsibilities in several of the organisations I have worked for, I find such a serious breach alarming as it appears to highlight poor controls. The council’s system for publishing the data contains considerable risk as it simply appears to be a ‘cut & paste’ job into Excel spreadsheets.”

Council spokeswoman Rachel Ashley said: “On December 18 we were made aware of a potential Data Protection breach relating to a small number of transactions posted under Open Data.

“Swift action was taken to remove the relevant files and to identify other websites that may have taken copies of the files. Once investigations into the matter are complete a decision will be taken about the need to report to the Information Commissioner’s Office.”

The Chronicle alerted the council that confidential information could still be accessed via its website as late as January 2 but this was removed shortly afterwards.