Londoners signing up to attend consultation meetings on planned police reforms have had their email addresses shared by City Hall, seemingly without their permission.
An email from the Mayor’s a Office for Policing and Crime confirming registration for the events contains a list of email addresses in the TO field.
This means each recipient can see the names and email addresses of all recipients.
The list contains private email addresses plus those of journalists, police figures and local council workers.
The disclosure could constitute a breach of City Hall’s obligations under the Data Protection Act and a breach of its own privacy policy which states it is “committed to protecting your privacy and processing your personal data in accordance with the Data Protection Act (DPA) 1998”.
Commenting on the error, a MOPAC spokesperson told MayorWatch: “We are aware that some email addresses were mistakenly shared and apologise to anyone affected by this error.”
A spokesperson for the Information Commissioner’s Office office told MayorWatch: “While there is no legal requirement on most organisations to report data breaches to the ICO, we would expect organisations to report all serious data breaches which involve a high number of individuals or sensitive information, such as information relating to an individual’s health.”
The spokesperson added that the ICO would “be making further enquiries into this incident”.
MOPACs collection and use of email addresses has previously been questioned by London Assembly members.
Last month it emerged the body had collected more than 780 email addresses from people signing up to receive email updates since it was established in January 2012 but had failed to send out any newsletters.
In response to a question tabled by Green Party London Assembly Member Jenny Jones, Mayor Boris Johnson told said MOPAC would start sending out newsletters, “beginning in the new year”.
The Mayor said these regular mailings will include details of MOPAC’s public meetings which would be sent “at least 7 days before hand”.
Last updated 18th January with ICO statement.
