Data breach at Ceredigion council blamed on human error
Human error is being blamed for the discovery of personal and sensitive information on a county council's website last summer.
The data breach involved Ceredigion's publication of 98 exempt documents.
Senior customer contact officer Arwyn Morris told councillors the highest risk cases concerned detailed health information about eight people.
He said all documents were now checked by two people to assess whether they should be kept secret or not.
The council's audit committee heard the documents had mistakenly been published in 2013 when the authority's website was redesigned, although the data breach only came to light last August.
It happened because the documents had been filed incorrectly under a new electronic management system in 2006, councillors were told on Wednesday.
Mr Morris said four people had been sent letters of apology for the release of medical details - in the other four cases the people had died since the information about them had been recorded.
The other information was considered lower risk, such as names and addresses, company names and transactions for the sale of land.
- Data breach 'could have lasted 11 years'
- Care children list sent to taxi firms
- Council data breach on eve of new rules
However, Councillor Hag Harries said such data may not always be low risk, giving the example of someone fleeing violence.
"It could seem trivial, or it could mean loss of life for somebody," he said.
A report from the Information Commissioner's Office is due to be made on the incident.
James Davies, a local resident from Borth who reported an earlier data breach in 2007, said that the council was "playing down" the recent incident.
"Just names and addresses can put people at serious risk," told the Local Democracy Reporting Service..
"There's been an awful lot of information over the years - there were 2,500 files in the other incident and the issues still haven't been addressed."