Confidential details about the victims of twisted killer Robbie McIntosh may have inadvertently been made public when a significant case review into his home leave was released last week.
The 53-page report was published on December 4 then taken down again shortly after due to a potential breach of personal data.
Although the report anonymises McIntosh and its victims, it is understood redactions in the original document had not been carried out properly so hidden information could be accessed.
The report was removed from Angus Council’s website after the local authority was alerted to the issue.
It was re-posted once the corrections had been made.
McIntosh, who murdered civil servant Anne Nicoll when he was just 15, was out on home leave when he attacked Linda McDonald with a dumb-bell in Templeton Woods.
He later admitted attempted murder and is now subject to a lifelong restriction of liberty order, which means he is unlikely to ever be released.
The significant case review revealed prison officers were concerned McIntosh was “playing the system” in order to get released.
However, it also contained a number of other details, including the address of Ms Nicoll’s partner and information about Mrs McDonald’s health and daily routines.
Other redacted information included discussion of McIntosh’s relationships and his activity behind bars.
It is understood Angus Council phoned all those affected by the potential breach – including Ms Nicoll’s family and Mrs McDonald – to notify them of the potential data breach last week.
The independent Significant Case Review was initiated by the Tayside MAPPA Strategic Oversight Group, which is responsible for supervising dangerous prisoners after their release, and commissioned by Angus Council.
McIntosh had been on home leave in Bridgfoot when he attacked Mrs McDonald.
An Angus Council spokesman said: “A potential data protection issue was identified by Angus Council’s Information Governance Unit on publication of the report on Tuesday November 26.
“Immediate action was taken to rectify this and all relevant parties have been informed.
“The UK Information Commissioner has been fully advised and it is not appropriate to comment further.”
An ICO spokesman said: “We are aware of an incident relating to Angus Council and will be assessing the information provided.”
“Our Regulatory Action Policy sets out the sorts of issues we consider when deciding whether formal enforcement action is necessary in any individual case and the range of measures we can take to encourage compliance with data protection law.”
The ICO can fine organisations or individuals responsible for breaches of personal data.
