THREE former Mid Devon councillors say they are shocked after the authority accused them of alleged data breaches.
Barry Warren, Bob Deed and Christine Daw received letters from the district council about a “serious matter concerning (their) handling of confidential data”.
But the letters add that each of the individuals “may have committed a data breach”, which the recipients suggest means the council is unsure whether this has occurred or not.
Mr Warren, formerly an independent councillor, led the authority for three months in 2023, taking over from Mr Deed who resigned in February last year after holding the position for four years.
Ms Daw quit as a Conservative party member the same month, but retained her cabinet position as an independent until the election last May when she opted not to stand for council again.
The trio have all been critical of 3 Rivers Developments, the council-owned property company which is now in the process of being closed down. The alleged data breaches include documents linked to the failed housebuilder.
The firm has long been a lightening rod for criticism for many councillors, and the council recently confirmed that around £2.8 million will be written off this financial year alone.
Mr Warren, who still frequently asks question about the housing company at public question times during council meetings, called the letters an “attempted suppression of information and facts that should be of public interest”.
He continued: “The letter states that the breaches involve ‘unauthorised retention and use of confidential information’ I accessed as a councillor.”
However, he said the 26 alleged breaches ranged from October 2021 to October 2023, even though he ceased to be a councillor in May last year.
“Some of the documents appear to be reports or minutes which I have downloaded from public access sites and then forwarded them onto my private address in order that I could easily make notes on them and to save keep having to go back to the site”, Mr Warren added.
“I cannot see any breach in retaining these as they are public documents.”
One of Mr Deed’s alleged data breaches is a Tiverton bus timetable he sent to himself.
He said he felt like the letters from the council were a “fishing exercise to find out if we have something or not”.
“But they are not right, as there has not been a data breach, and of the 11 breaches they insinuate, it’s difficult to tell what they are,” he said.
“I’ve no idea what the files are so it’s difficult to comment, but they appear to think it’s linked to the Data Protection Act, but I would guarantee there is nothing which is a breach of that Act, as it is very specific.
“It would relate to mentioning a name or something specific to an individual that should not be in the public domain, but I’ve never done anything like that.”
Ms Daw has been told that “as a minimum” she sent five emails to her personal address, including a file titled “3 RDL Business Plan” (meaning 3 Rivers), and an email chain between 3 Rivers staff, council staff and councillors.
“My first reaction was shock,” she said.
“I’m appalled at the letter and I don’t know why they are searching through these old emails.”
Ms Daw added that she did not have any council documents stored on her computer or phone, and had not kept any paperwork, but that she has a “photographic memory” and so can recall emails and information related to her time as a councillor, including 3 Rivers.
“I am debating whether to ask what they have on me, what these emails are and why they’ve gone back into them,” she said.
“They are accusing me of something, but I don’t know what exactly they are accusing me of. It is just not making sense.”
All three said councillors had to send documents frequently to their personal email addresses because council ones would continually hit storage limits, preventing them from receiving documents from officers.
A Mid Devon District Council spokesperson said the authority takes its legal responsibilities as a data controller extremely seriously.
“It is a matter of some regret that the council has had to write to a small number of former councillors reminding them of the need to comply with data management practices,” the spokesperson said.
“However, it is important that the council takes appropriate action to ensure the effective management of data in accordance with our policies.”
The spokesperson added council staff and councillors are required to adhere to policies around data security and retention.
“In the event of a data breach, the council may refer the matter to the Information Commissioner’s Office for advice and guidance on appropriate action,” the spokesperson added.
“The council would then follow that guidance to ensure that we are compliant with the regulations around data security.”
The council refused to say whether the letters were part of a wider investigation, nor whether it is trying to silence critics of 3 Rivers Developments.
It also did not explain why documents about bereavement services or waste, which were included among the alleged breaches, would constitute a data breach.
Bradley Gerrard
LDRS