The City of Hamilton has notified a resident that their privacy has been breached after the City posted their home address, personal phone number, and personal email on the City website.
In a repeat of past breaches, a written submission to a council committee was not redacted. The personal information was published as part of the April 17 Committee of Adjustment agenda.
In recent months, the City of Hamilton stated it implemented processes to prevent these breaches as part of its ongoing “award-winning” digital process improvements.
Last week, the City committed a technical breach of privacy involving a council staff member.
The private information was removed after TPR notified the City. This story was held back until the breach was corrected.
Production Details
v. 1.0.0
Published: April 2, 2025
Last updated: April 2, 2025
Author: Joey Coleman
Update Record
v. 1.0.0 original version
Nice job catching this Joey.
This is absolutely absurd that this same issue keeps happening.
As I said when I spoke to the City about my privacy breach : “Home addresses? For what purpose? What justification is there for demanding a home address from someone who just wants to speak at a public meeting? There isn’t one.
That’s why privacy by design exists—so governments don’t collect sensitive data they don’t need and ensure what they do collect is properly secured.”
Does the city not have a PII policy defined for Microsoft 365? Their website from what I understand runs predominantly on SharePoint, so some Purview policies on PII should at a minimum alert IT that a PII breach has happened, and ideally block it from happening altogether.