From the ICO’s press release:
The Independent Parliamentary Standards Authority (IPSA) has agreed to take action after MPs personal details were accidentally placed at risk on the MPs expenses database, the Information Commissioner’s Office (ICO) said today.
The expenses claims were accessible for a period of 21 hours, following IT maintenance work in July 2010 which inadvertently allowed those persons with an expenses account, and their clerks, to access the information. The data included MPs banking details, vehicle registrations and home telephone numbers.
Mick Gorrill, Head of Enforcement at the ICO, said:
“This case highlights how any work carried out on a database must be subject to rigorous security testing before being re-launched. MPs carry out a high profile role and the information their expenses claims include could put them at risk of fraud and endanger their security.”
Andrew McDonald, interim IPSA Chief Executive, has now signed a formal undertaking to ensure that changes to the system’s administrator account are reviewed regularly and that breach notification procedures are reviewed and communicated to all MPs and staff. The authority will also implement any other such security measures it deems necessary to protect the MPs personal information.
A full copy of the undertaking can be viewed here: http://www.ico.gov.uk/what_we_cover/promoting_data_privacy/~/media/documents/library/Data_Protection/Notices/ipsa_undertaking.ashx