The Isle of Wight Council has confirmed a serious data protection breach after an email inviting residents to renew their green waste subscriptions exposed the personal email addresses of hundreds of Island residents.
The local authority says the breach occurred when a batch of renewal emails was mistakenly sent in a way that revealed every recipient’s email address to others on the list – a clear violation of data protection laws under GDPR.
In response to the incident, the Isle of Wight Council has launched an investigation through its Data Protection team and has reported the matter to the Information Commissioner’s Office (ICO).
It has understood that no other personal information was included within the email other than the email addresses of around 400 people.
Not everyone will have received this particular email, as it only affects one batch of renewal emails.
A spokesperson for the Council has said:
“As soon as the error was identified, the council attempted to recall the email and asked recipients to delete any unrecalled messages. We have issued an apology to those affected and reported the matter immediately.”
The Information Commissioner’s Office has the power to issue fines or enforcement action in cases where data protection laws have been breached.



























































































GDPR out the window.
oops…
someone needs to learn the difference between ‘cc’ ‘bcc’
Thanks for the tip! Especially insightful coming from someone associated with Wightlink, where errors are… virtually unheard of.
Any incompetent clown been sacked?
No chance, this council couldn’t sack a bag of
spuds on a farm.
No investigation needed. Someone who should not have been authorised to send email from a council account because they had insufficient knowledge of how email works, sent an email from a council computer without having sufficient knowledge on how email works. Investigation completed.