Fakenham Town Council apologies to members after former councillor Janet Holdom unlawfully accessed payslips with confidential information
A town council has apologised following a data breach of staff payslips involving its former deputy chairperson.
Cllr Angela Glynn, the mayor of Fakenham, admitted at last month’s full council meeting that it was “an error in judgment” that led to the security incident involving Cllr Janet Holdom accessing payslips.
An investigation was launched by the Information Commissioner’s Office (ICO) last September after it was alleged the 79-year-old, who used to be part of the council's finance committee, viewed the records despite it no longer being her job and left highly confidential papers out on a desk.
“There was no malicious intent,” Cllr Glynn said.
“She had been on the council a long time and carried on doing duties that she had once been asked to do but no longer needed to.”
Cllr Holdom, who had been a town councillor since 1999, resigned from the position in January.
An ICO spokesperson said: “We can confirm we have received a report and are assessing the information provided.”
During October’s full council meeting, up to £3,000 was put aside for a data protection officer who ran a full data protection audit investigating the incident - which left its members “horrified”.
At the time, it was agreed that only the responsible financial officer and chair of finance would have access to payroll reports in response.
Fakenham Town Council also made the decision that all personal data held by councillors at private addresses must be returned to the office for either destruction or secure storage.
At the next full council meeting on Wednesday, discussions will be had about a quote of £1,200 by accountants Mapus-Smith & Lemmon for an internal audit function to take place, which will evaluate risk management, governance, and control processes as well as ensure internal controls are adequate and assess quality, ethics, economy, efficiency, and controls.
A reader wrote to the Lynn News alleging that the breach had been happening since 2014 which had prompted a reminder to all councillors about their responsibility with personal data and the information they hold.
Cllr Glynn added that as well as issuing a formal apology to those affected, all councillors will receive GDPR training to ensure that they are all up-to-date on the law.
