RideLon-doh! Data breach probe as acceptance letters sent to wrong recipients

Organisers say around 2,000 entrants to ballot for world's largest sportive have been affected...

Organisers of RideLondon have said they are informing watchdog the Information Commissioner’s Office (ICO) about a data breach that has resulted in acceptance letters revealing personal details of successful entrants to the ballot for the 100-mile sportive in August being sent to the wrong addresses.

In the past day or two, a number of people who entered the ballot for RideLondon-Surrey 100 have taken to social media to tell of how their delight about being accepted for the sportive turned to dismay when they realised the letter was not intended for them, and concern about whether someone else had their personal details.

The mix-up, which according to organisers has affected around 2,000 people who applied for the heavily-oversubscribed event for which some 25,000 places are available through the ballot, has left many in the dark over whether or not they have been successful.

Yesterday, London & Surrey Cycling Partnership, which organises the event, posted a statement to Twitter saying it “is currently working to establish how many people have been affected and we believe it to be less than  per cent of the total of more than 70,000 people who entered the ballot.

“We are working with our contractors to establish the full facts but it appears that the issue was caused by an error in the collation of the acceptance letter and the addressed envelope in the final stages of the mailing process which led to the people affected receiving the name, address and date of birth of one other person.”

In other words, some letters ended up in the wrong envelopes.

“We apologise sincerely for this error and will be contacting all the people affected,” the statement added. “The ICO is being informed with full details of what happened and what we have done, following the timelines in their guidance.”

According to the ICO’s website, “Under the current UK data protection law, most personal data breach reporting is best practice but not compulsory,” although it adds that any breaches must be referred if there is a “risk to people's rights and freedoms from the breach.”

RideLondon takes place this year on the weekend of 15 and 16 August, and will be the final time that the event has been sponsored by Prudential, which has backed it since the first edition in 2013.

> RideLondon looking for new headline sponsor from next year

Currently, Surrey County Council is holding a public consultation on whether it should continue to host part of the route of the sportive rides held on the Sunday of the event.

> RideLondon boss urges Surrey residents to back event in council’s consultation

The council’s current agreement with the event expires this year and it has said that it wants to continue to host it.

The consultation, which you can find here, is open until this Sunday 16 February.

Simon has been news editor at road.cc since 2009, reporting on 10 editions and counting of pro cycling’s biggest races such as the Tour de France, stories on issues including infrastructure and campaigning, and interviewing some of the biggest names in cycling. A law and languages graduate, published translator and former retail analyst, his background has proved invaluable in reporting on issues as diverse as cycling-related court cases, anti-doping investigations, and the bike industry. He splits his time between London and Cambridge, and loves taking his miniature schnauzer Elodie on adventures in the basket of her Elephant Bike.

Latest Comments