It's recently come to my attention that, a fortnight or so ago, there was a massive breach of data security at Guildford borough council.
My understanding is that emails containing the council records of hundreds (if not thousands) of people were sent to the wrong people instead of the people who the records were about. Perhaps most gratingly for the council, this incident occurred just days after a glowing report on the council's data security by an outside inspector had been published.
Apparently the data leak occurred simply because some council official selected the wrong mailing list when sending out the emails. Now, call me over cautious, but I would have thought that when you've got emails containing that amount of personal data you'd have some sort of system in place to double check before the emails are sent that they're going to the correct people.
I imagine the council will have acted to alert the people affected as soon as possible but in a case like this the real test will be in what measures are taken to prevent the incident from happening again. If I find out what measures have (or have not) been taken then I'll be sure to do an update about them.