Calendar An icon of a desk calendar. Cancel An icon of a circle with a diagonal line across. Caret An icon of a block arrow pointing to the right. Email An icon of a paper envelope. Facebook An icon of the Facebook "f" mark. Google An icon of the Google "G" mark. Linked In An icon of the Linked In "in" mark. Logout An icon representing logout. Profile An icon that resembles human head and shoulders. Telephone An icon of a traditional telephone receiver. Tick An icon of a tick mark. Is Public An icon of a human eye and eyelashes. Is Not Public An icon of a human eye and eyelashes with a diagonal line through it. Pause Icon A two-lined pause icon for stopping interactions. Quote Mark A opening quote mark. Quote Mark A closing quote mark. Arrow An icon of an arrow. Folder An icon of a paper folder. Breaking An icon of an exclamation mark on a circular background. Camera An icon of a digital camera. Caret An icon of a caret arrow. Clock An icon of a clock face. Close An icon of the an X shape. Close Icon An icon used to represent where to interact to collapse or dismiss a component Comment An icon of a speech bubble. Comments An icon of a speech bubble, denoting user comments. Comments An icon of a speech bubble, denoting user comments. Ellipsis An icon of 3 horizontal dots. Envelope An icon of a paper envelope. Facebook An icon of a facebook f logo. Camera An icon of a digital camera. Home An icon of a house. Instagram An icon of the Instagram logo. LinkedIn An icon of the LinkedIn logo. Magnifying Glass An icon of a magnifying glass. Search Icon A magnifying glass icon that is used to represent the function of searching. Menu An icon of 3 horizontal lines. Hamburger Menu Icon An icon used to represent a collapsed menu. Next An icon of an arrow pointing to the right. Notice An explanation mark centred inside a circle. Previous An icon of an arrow pointing to the left. Rating An icon of a star. Tag An icon of a tag. Twitter An icon of the Twitter logo. Video Camera An icon of a video camera shape. Speech Bubble Icon A icon displaying a speech bubble WhatsApp An icon of the WhatsApp logo. Information An icon of an information logo. Plus A mathematical 'plus' symbol. Duration An icon indicating Time. Success Tick An icon of a green tick. Success Tick Timeout An icon of a greyed out success tick. Loading Spinner An icon of a loading spinner. Facebook Messenger An icon of the facebook messenger app logo. Facebook An icon of a facebook f logo. Facebook Messenger An icon of the Twitter app logo. LinkedIn An icon of the LinkedIn logo. WhatsApp Messenger An icon of the Whatsapp messenger app logo. Email An icon of an mail envelope. Copy link A decentered black square over a white square.
More
Home News Aberdeen & Aberdeenshire

Major data breach as hundreds of tax forms sent to wrong Aberdeen council employees

By Jon Hebditch
Councillor Stephen Flynn spoke out on the issue.
Councillor Stephen Flynn spoke out on the issue.

A major data breach at Aberdeen City Council has resulted in hundreds of confidential tax forms being sent to the wrong employees.

The 947 P11D documents are for members of staff at the local authority earning more than £8,500 a year and contain sensitive information including National Insurance numbers, salaries and PAYE codes.

P11Ds are used to report benefits provided and expense payments made to employees by employers that are not put through the payroll.

The employees are also given a copy, should they need it for a self-assessment tax return.

Last night a council spokesman said the forms had been sent “in error”.

He said: “The council is aware of an error which has resulted in some P11D forms being incorrectly issued.

“Affected individuals will be notified directly and we apologise to those impacted.

“The issue is being investigated and measures put in place to ensure it cannot be repeated.“

Council audit convener Stephen Flynn said: “To learn about a data breach of this nature and scale is both incredibly serious and worrying – and those staff involved will be rightly frustrated and concerned.

“Senior council officers have advised me that staff will receive a letter this week with more detail and I have had it confirmed that the matter will be reported to the next audit, risk and scrutiny committee.

“Incidents like this do little to provide assurance and the council needs evidence that safeguards are in place to prevent any repeat in the future.”

Unite union north-east regional representative Tommy Campbell added that he was “shocked” that there had been such a “scandalous breach of data.”

The council is believed to have reported the breach to the Information Commissioner’s Office.

An Information Commissioner’s Office spokeswoman said: “It is an organisation’s responsibility to fully assess a breach – and then judge whether or not they need to report it the ICO.

“Where possible, this should be done within 72 hours.

“An organisation must report a breach unless it does not pose a risk to people’s rights and freedoms.

“That means organisations must assess the likelihood and severity of the risk, and take into account the potential negative consequences for individuals.

“These may include emotional distress, or physical or material damage, such as financial loss, identity theft and discrimination.

“Anyone who has any concerns about how their personal data has been handled can contact the ICO.”