Internal documents with individual computer ID and phone numbers were accidentally included in papers about energy policy released last week after a freedom of information request.
The government has been accused of “carelessness” by MSPs. It has accepted that an error was made, and has apologised to the 37 staff involved.
Ken Macdonald, the assistant information commissioner for Scotland, said that he took breaches of individuals’ privacy very seriously.
“Any organisation which processes information such as sensitive personal information relating to their employees must ensure that adequate safeguards are in place to keep that information secure,” he warned.
“We will be contacting the Scottish government to establish how this security breach occurred and to find out what steps it will be taking to ensure that such a breach cannot happen again.”
Three documents were inadvertently included by officials in the box file of documents sent to the Sunday Herald. One was a screen shot of a spreadsheet showing various grants given to local authorities.
Another was an email from Grampian Police enclosing details of an oil and gas industry “Pandemic Planning Exercise” which took place last week in Aberdeen. The exercise was designed to test the offshore industry’s response to the swine-flu outbreak.
The third document was a sheet showing the names, pay grades, “user IDs”, “PC numbers” and telephone extension numbers of 37 officials in the Scottish government’s Employability & Skills Division. It also showed the BlackBerry and mobile phone numbers of 15 officials, including the division heads.
A spokesman for the Scottish government said: “We take seriously our obligation to handle information securely and regret that additional material not relevant to the freedom of information request was included in a large package of documents.”
He pointed out that the information on civil servants came from the government’s staff directory and did not contain information of a personal or private nature. Some of it was already in the public domain.
“Nevertheless this should not have happened and we have informed and apologised to the staff concerned,” the spokesman added.
“We have carried out an immediate investigation into this matter and have taken urgent steps to ensure that the principles of secure information management are strictly adhered to.”
Green MSP, Patrick Harvie, criticised the government’s lapse.
“It’s a long way from freedom of information to carelessness like this,” he said. “The commissioner is right to investigate.
“Public-sector workers must be able to have confidence that their personal information will stay private. Coming after Westminster’s inability to protect child benefit claimants or Ministry of Defence laptops, it’s clear that both governments could do a lot better in this area.”
Why are you making commenting on The Herald only available to subscribers?
It should have been a safe space for informed debate, somewhere for readers to discuss issues around the biggest stories of the day, but all too often the below the line comments on most websites have become bogged down by off-topic discussions and abuse.
heraldscotland.com is tackling this problem by allowing only subscribers to comment.
We are doing this to improve the experience for our loyal readers and we believe it will reduce the ability of trolls and troublemakers, who occasionally find their way onto our site, to abuse our journalists and readers. We also hope it will help the comments section fulfil its promise as a part of Scotland's conversation with itself.
We are lucky at The Herald. We are read by an informed, educated readership who can add their knowledge and insights to our stories.
That is invaluable.
We are making the subscriber-only change to support our valued readers, who tell us they don't want the site cluttered up with irrelevant comments, untruths and abuse.
In the past, the journalist’s job was to collect and distribute information to the audience. Technology means that readers can shape a discussion. We look forward to hearing from you on heraldscotland.com
Comments & Moderation
Readers’ comments: You are personally liable for the content of any comments you upload to this website, so please act responsibly. We do not pre-moderate or monitor readers’ comments appearing on our websites, but we do post-moderate in response to complaints we receive or otherwise when a potential problem comes to our attention. You can make a complaint by using the ‘report this post’ link . We may then apply our discretion under the user terms to amend or delete comments.
Post moderation is undertaken full-time 9am-6pm on weekdays, and on a part-time basis outwith those hours.
Read the rules hereComments are closed on this article