Almost one in four councils in the UK have been hit with a software glitch that means the confidential details of some voters has accidentally been shared. The councils have to share what is known as the 'edited electoral register' - and if your name is on this list, your details can be sold on to commercial companies. However, individuals are given the chance to protect themselves from a deluge of junk mail by opting out of the edited register.
Unfortunately, the glitch meant that some of those who opted out of the were not removed - so their data may have been sold.
The glitchThe Daily Mail reported that around 90 councils in England and Wales had suffered the software problem, which means millions of people could have been affected.
The system works by collating the data of every voter. This is then passed onto third parties - at which point the software kicks in, and voters who said they do not want to have their data shared are removed from the list. The edited register is then made available for commercial companies to buy for marketing purposes.
One of the first councils to draw attention to the leak was Wokingham Council, which has written to the 18,000 people in the borough affected by the problem. It told the BBC that the software that manages its list of voters had failed to work properly.
Prior to that, a similar problem was revealed at three councils in Wales: Rhondda Cynon Taf, Caerphilly and Torfaen. The Information Commissioner's Office told the BBC at the time that it was investigating.
A spokesman for the Information Commissioner's Office told the BBC: "We are aware that a number of councils have reported that a software error has resulted in the full electoral register being made available more widely than it should have been. We are currently making enquiries into these potential data breaches.'
Good newsThe good news is that although millions of people could have been made vulnerable by the breach, in practice, the number who receive junk mail as a result is likely to be in the thousands. After the three Welsh councils revealed the problem, for example, they confirmed that none of the data had been sold.
Those who are likely to be most at risk are those councils who sell the register most often - assuming the councils in question were victims of the glitch. We know that four councils sold the edited register more than 50 times in five years, and that 19 councils sold it between 25 and 49 times over that period. However, we do not know whether those councils have been hit by the glitch and whether the timing of the glitch meant that any data was sold. We will have to wait for the Information Commissioner's report to discover the full extent of the breach.
However, it raises the question of whether this information should be up for sale in any case. At the moment councils have no choice - they have to make the data available for sale. A report by Big Brother Watch last year found that between 2007 and 2012, more than 2,700 organisations and individuals bought the edited register. The sales brought in £250,000 for the councils, but the group highlighted that this is likely to be little more than the councils spend in administering the system.