Ceredigion County Council has downplayed a blunder that led to over 50 exempt reports being published on the authority’s website.

The council has a corporate risk register which identifies issues that could cause problems to the authority and how services are provided, but the information management section of the register has not been updated since May.

Despite there being a major error in 50 reports that are considered exempt being discovered on the council’s website in August - some including personal details such as names, ages, addresses and even medical conditions - that section has still not been updated.

The council admitted it does not know how long the exempt information was available on the council’s website.

But the authority insisted there was no need to update the risk register as the publication of the information “was judged not to increase the level of threat”, and that the “breach was immediately dealt with”.

A spokesperson said: “The information management corporate risk is regularly reviewed and the level of risk was judged not to increase the level of threat as the breach was dealt with immediately and was not a technical issue.”

But despite the council downplaying the issue, the authority is being investigated by the Information Commissioner’s Office for potential data management breaches by publishing personal information.

The risk register itself warns that one of the risks to the authority is the possibility of a significant fine if the council is found by the ICO to have broken rules.

See this week’s Aberystwyth and South Ceredigion papers for the full story, available in shops and as a digital edition now