A council has had to upgrade its software after the personal information of residents was accidentally leaked in an email.

The data breach occurred when Watford Borough Council sent an email to Caroline Kearns, a campaigner against new parking permit hours being introduced into Callowland early next year.

The email, which had been regarding the scheme, contained a document that was supposed to have redacted personal information on it.

This included names, addresses, the way people voted on the new scheme in a consultation and the comments people made about it, Ms Kearns said.

After receiving the email, Ms Kearns forwarded it onto around 120 other people who it concerned - the redacted information had not been visible at the time.

But it was later discovered that the hidden information on the attached  document could be extracted, making it visible.

It showed the personal information of more than 500 people, Ms Kearns said.

The council has confirmed that it has carried out an investigation into the incident, which found the software it used was not secure.

The council says it is working to ensure that such a breach does not occur again.

A spokesperson said: “As soon as we were notified (of the breach), we took advice from our Data Protection Officer, initiated an investigation and advised the Information Commissioner’s Office. Our investigation found that the council did take reasonable steps by fully redacting all personal information and creating a pdf of the original document. 

“What is now apparent, is that the software used to do this is not secure and we have, immediately, put in place upgraded software and alerted staff to this change. We will also be updating staff training on data protection so that this situation does not happen in future.”