The council unlawfully processed personal data ranging from parking fines to police checks for over four years, leaving their decision open to legal challenge.
Hyndburn Council remained unregistered with the Information Commissioner’s Office for a total of 50 months between November 2005 and February 10 this year. This is a criminal offence.
The licence, which costs just £35 per year, gives authority to process personal data across the spectrum of council decisions, any of which could technically now be open to challenge.
These include assessment and collection of council tax and business rates of over £40m a year, benefits, environmental health, planning, licensing and prosecution of offenders.
It also means the council could have handled data unlawfully from sources including the police, courts, debt collection agencies, probation services, religious organisations and social security.
Council bosses have apologised for the ‘oversight’, but insist that no one has been prejudiced by the lapsed registration. But the borough’s Labour group has written to chief executive David Welsby demanding to know the full implications of the failing.
The ICO has said it will not take further action, but campaign groups say the ‘gross error’ means the council could now face recourse from anyone with a ‘grievance’.
Dylan Sharpe, campaign director of Big Brother Watch, said: "For Hyndburn Council to have been unregistered for so long is a gross error that deserves far greater punishment than the slap on the wrists the ICO has given. Residents hand over huge amounts of personal data to their council - from wages and tax payments to their children’s health records - and we rely upon there being a system in place to prevent a local bureaucrat profiting from access to this data.
"People living in Hyndburn should be outraged that their privacy has been compromised in this manner and this matter should be investigated immediately."
Neil Herron, of Parking Appeals, said: "Every single thing where data has been processed could be liable.
"The chances of someone challenging over a £30 parking ticket are very slim. But there might be a company that has £1M worth of parking tickets.
"It could also affect council tax liability orders. You’ve also got to look at if they were processing data for Criminal Records Bureau checks.
"Anybody aggrieved by the actions of the local authority could take action. What they would have to do would be to complain to the Information Commission that the data had been processed illegally. It’s not good enough for them to say they’re registered now."
Ex-councillor Tim O’Kane, a former portfolio holder for data protection issues, claimed that over £100m in council tax had effectively been collected ‘illegally’ due to the mistake. Don’t forget that about 10 per cent of council tax bill pays for all the police wages. How can the police not be concerned that tens of millions of their money was collected illegally?"
A council spokesman said: "Due to an oversight on our part the council’s registration as a data controller under the Data Protection Act 1998 lapsed. We have taken immediate action to rectify the position and have re-registered with the Information Commission (ICO)". We are obviously very sorry this has happened. However, we are satisfied that we have sound procedures for handling personal data about our customers, and the lapse in registration has not prejudiced anyone in any way."
A spokesman for the ICO said: "Organisations that process personal information have a statutory requirement to notify the ICO that they are a data controller. Failure to do so is a criminal offence." He added that as the council has now registered no further action will be taken.