A REPORT is to be drafted into what was behind a recent data breach on Ceredigion County Council’s website.

The council’s audit committee discussed its corporate risk register for 2018-19 on Thursday, 13 September, including ‘information management – security’.

This has a low risk score of eight but Cllr Gareth Davies asked what has been put in place to prevent a repeat of the recent issues.

Late last month, documents containing people’s names, addresses and medical conditions were reported to the Information Commissioner’s Office after they were publicly available on the council’s website.

The man who notified the council of the breach said he had reported the same data attached to Cabinet papers in 2004 on the website in 2007.

Some of the documents included sensitive, personal data – names, addresses and medical conditions – of Ceredigion residents.

The council also self-referred itself to the commissioner.

Cllr Davies said: “There’s been a recent breach where information hasn’t been as secure as it should be. Are we going to have a report on what measures are being put in place to ensure this doesn’t happen again?”

Committee vice-chairman Cllr Rowland Rees-Evans said this was likely to be discussed at the next meeting.

Councillors agreed that a report was also due on the whole information management department as it had not been on the agenda since 2016.

See this week’s south papers for the full story, available in shops and as a digital edition tomorrow