Stevenage Borough Council is likely to have breached the Data Protection Act 1998 when it passed on a man’s personal details to the councillor he was requesting information about.

In April, Conservative councillor Matthew Hurst received information about the expenses of borough council leader Sharon Taylor.

A few days later he received a letter from the Councillor Taylor which included information about her expenses and questioned the political motivation behind his request in advance of last month’s general election, in which she stood as the Labour candidate for the town.

By passing on this information the council is likely to have breached the 1998 Act, according to the Information Commissioner’s Office.

A letter which Mr Hurst has received in response to his complaint confirmed: “The council did not handle your personal data in a manner that was reasonably expected and its actions would not be in compliance with the first principle of the act.”

Mr Hurst – a borough councillor for the Longmeadow ward – had originally complained to the council about its actions in May, but the authority responded that it was not an issue to share such information.

He then contacted the commission who ruled in his favour.

He said: “It was particularly wrong for details to be given. If someone wants to request information about me as a councillor I don’t think there’s a problem with me knowing, but I don’t think it’s right for me to be told who has requested that information.

“It’s the council’s fault. I think Sharon should have known better, but she was provided with the information by the council. I am hoping that future requests are dealt with in the correct way.”

A council spokesman said: “Moving forward we will follow the recommendations from the Information Commissioner’s Office and will implement refresher training.”

The commission doesn’t plan on taking any further action but will make note of its decision.