Thanks to everyone who responded to my request for cautionary tales. I have
collated the replies below (some of which you will have seen already) in
response to several requests and hope they will be of interest / amusement
or just make some of you feel smug!
Jackie Leesons
Data Protection Co-ordinator
Peterborough City Council
Tel: 01733 452295
e-mail: [log in to unmask]
<mailto:[log in to unmask]>
I came from the police arena and I have a "horror" story the first involves
a police officer checking the PNC (police National Computer) for the
registration of a vehicle, because the lady he was chatting up in a club
drove off in it and he wanted to contact her. She complained about misuse
of his power to track her, (she obviously was not as impressed by him as he
with her!), the officer was disciplined and was reduced in rank!!
****
I know of a very recent case where a large utility was opening up a call
centre, the trainees were given the live system to practice on, and given
free reign to look up accounts of anyone they knew. So much for data
protection!
****
A friend of mine works for a company that has a telephone answering system
which identifies the caller and brings up their details on a pc in front of
the telephone operator to help them answer the caller's enquiry. The system
is also capable of displaying an automatic "warning screen" on the pc if
there is anything significant about the account.
After one long and tiresome session with a particular caller, an operator
decided to create a "pop up" warning that said "Be very cautious in your
approach to this customer".
The operator was not wholly familiar with the computer system, and,
unfortunately, rather than create a warning notice screen, the address
screen of the caller was actually changed.
The matter was drawn to my friend's attention by the (even more irate)
caller who was astonished to find the offending text inserted between their
name and address when the next bill was delivered..................
****
Only the variant of the one you describe, which I think I circulated as a
"cautionary tale" last year.
Policeman called us with information about an alleged assault on one of our
students and asked for home address. Gave us the phone number of his police
station in Devon so that we could call back to verify his credentials. We
called back and a person in a Devon accent put us through the switchboard to
their personnel office who verified the identity, ID number etc of the
caller. So we passed on the information. Turned out that this phone number
was a callbox on the moors somewhere, and the all the parts were played by
the original caller - himself, switchboard, personnel officer, clicks on the
line during transfer etc. We only discovered this after the student
complained about unsolicited calls from a harasser.
Moral: check directory enquiries (or your local police) to verify the phone
number of the police station too!
****
A real incident occurred here early last year that incurred the wrath of the
Registrar/Commissioner.
One Department holds regular sickness monitoring meeting. At these
meetings, various reports and sickness records are discussed, including some
personal sickness reports. At one meeting, it was discovered that the
statistical analysis was wrong, being based on incorrect data. The
Personnel Manager immediately agreed to re-circulate the right information.
She issues an instruction to one of her subordinates to send them out
"urgently". This was done but to save time, the whole data set was
corrected and sent out - just with a compliments slip but without an
envelope!
A union rep spotted this. Rather than simply take up the matter directly
with the Personnel Manager, he wrote to Wilmslow. An official investigation
was called and the Department had no option but to plead guilty.
Confidential and personal information should have been circulated in sealed
envelopes and marked for the attention of the addressee only.
The Department was forced to review procedures and carry out some DP
training
****
One thing of a "good awareness" variety I noticed recently in a hospital in
New York was a sign in each elevator that said,"Staff are reminded that
patient records are confidential and should not be discussed in public
places, including the elevator."
The opposite of that is the story told by the former Data Protection
Commissioner of British Columbia, Canada, who visited a hospital and found
patient records piled next to the registration office at the front door to
the hospital where everyone entered the hospital and could easily pick up
and read, or even walk off with, a record.
****
A large, well-known firm of loss adjusters investigating an insurance claim
sent a form to a London borough informing them that they were under a
statutory duty to tell the company whether the individual was paying council
tax and if they were resident at a particular address.
****
Virgin Atlantic Airlines sent a letter to a passenger which began "following
the flight of you and your wife" - he was travelling with his secretary!
***Private and Confidential Notice***
The information contained in this E-Mail is intended for the named recipients only.
It may contain privileged and confidential information and if you are not the intended
recipient, you must not copy, distribute or take any action or reliance on it.
If you have received this E-Mail in error, please notify the sender immediately by
using the E-Mail address or on +44 (0) 1733 452411.
|