Anger after Hastings Council mistakenly reveal hundreds of personal email addresses

The mistake occurred in a letter sent out to remind people of an upcoming cancellation date for the green bin garden waste collection service.

The mail had used the CC (carbon copy) field so that the mails of more than 300 recipients were visible.

One angry resident commented: “Great job. Now we know all 357 emails of people who use brown bins.” A number of others said they had contacted the council to complain about the data breach.

Solicitor and GDPR expert Peter Hammond confirmed that personal email addresses are protected by law.

He said: “When a personal email address or e-mail address containing PII (Personal Identifiable Information) is widely distributed or leaked it opens up the recipient to spam and viruses, as well as unwanted attention and easier ways to track the owner.”

However, in the Council’s defence the breach was not ‘malicious or intended’.

A council spokesperson said: “Unfortunately, a clerical error meant that an email to customers about their garden waste renewal was sent with the email addresses of other customers visible. This was a mistake. The letter itself contained no personal information. The affected customers have been contacted and the council apologies for any inconvenience caused.

“In response to this incident and to prevent this happening again, we are reminding all staff of the seriousness of Data Protection legislation and the need to ensure that they use the blind carbon copy (BCC) function when they send emails to multiple people. In addition, all staff will be required to re-do our mandatory data protection training.”