And ...
Just picking up on Tim's comment re disciplinary action, your troubles may
not end with the tenant.
Being involved in tribunals re DP tells us that you are going to have to
have a long hard look at your Policy Management systems. All too often we
see lever arch files stuffed full of unread and misunderstood operating
procedures and policies being hauled out as evidence that a member of staff
was "to blame".
There is a significant and growing body of case law (mainly mainland EU)
where dismissed employees have been reinstated by successfully arguing that
they did not understand what the policies meant, and they were not regularly
reinforced, or enforced.
I urge everyone to test their staff and their understanding of the sort of
phrases we see everyday in DP policies e.g. "care must be taken to ensure
that sensitive data is not disclosed to unauthorised persons". What's
sensitive, what constitutes a disclosure, just who is/is not authorised,
where is the list of such people/bodies etc etc. It's not having the words
that is important it's the comprehension and subsequent actions.
There are numerous policy management systems available, and it is normally
possible to utilise existing intranet/xml based technology and Microsoft
workflow tools. These can ensure that you have an indefeasible position
when it comes to a member of staff breeching a policy like DP.
Duncan Smith
Director
iCompli Limited Northampton UK
t: 08707 70 48 66 f: 08707 70 48 69 m: 07775 56 81 80
Mailto:[log in to unmask] Web: www.icompli.co.uk
"Compliance in your language"
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Tim Trent
Sent: Wednesday, February 08, 2006 10:27 PM
To: [log in to unmask]
Subject: Re: [data-protection] Letter of complaint and DP
This is going to blow up on you, possibly even if you handle it well.
The person complaining has a valid complaint about conduct whether the DPA
was broken or not.
Best course of action is to both take legal advice and consider prehandling
this with the UKIC in case a formal complaint goes there. This will at
least involve any press comment by the UKIC of "Wow, that sucks!". Instead
they will say "We are aware of this and they have taken action over it" when
the press ask.
The staff member is likely to need to face a disciplinary process. It's
tough, but that's the way of the world. It was a serious error.
To me it seems like there is a case against you for damages.
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Clementine Amawo
Sent: 08 February 2006 17:02
To: [log in to unmask]
Subject: [data-protection] Letter of complaint and DP
Hello all,
Yes its me again (sorry :)
Problem
A member of staff has phoned me to say that a very angry tenant has written
in a letter of complaint due to the fact that he (staff member), had
disclosed confidential info pertaining to the tenant's housing rent account
to a 3rd party without his (the tenant's) consent.
The story
The tenant had requested for a rent reference from us that was required by
his mortgage lender (tnt is looking at going into shared ownership). The
tenant was informed by staff member that a fee of £50.00 pounds would need
to be paid in order to provide a reference. The staff member also informed
the tenant that it would be in his best interest to clear up his rent
arrears before a reference could be provided as legal proceeding were about
to begin. This the tenant did, and in mid December 2004 the reference was
provided.
Last month, one of the tenant's cheques (payment towards his arrears),
bounces. The staff member then emails the tenant's mortgage lender informing
them of the fact that the tenant is currently being pursued for rent arrears
following a 'bounced' cheque. The email also informed the mortgage lender
that a letter had been sent to said tenant advising him that our solicitor
will be instructed to apply for a possession hearing.
In the tenant's letter of complaint he writes that -
"....I spoke to my mortgage lender and to my shock and dismay I was
informed that they had received information from (staff member) that they
had neither requested or required"
The tenant is now obviously outraged at this flagrant breach of
confidentiality and the DPA 1998 by disclosing confidential information
without his permission. The tenant has been advised by his solicitors to
write this letter of complaint, and await our response before taking any
decision as to whether to proceed with legal action.
End of story
Personally I feel that the staff member has breached, the Act in revealing
such info to the mortgage lender, especially as it was not asked for.
Does the tenant have a case? Is the staff member wrong? How do we rectify?
Advice most eagerly welcome
Thanks
____________________________________________
Clementine Amawo
Information Management / Data Protection Officer (IT) Circle Anglia
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
__________ NOD32 1.1400 (20060208) Information __________
This message was checked by NOD32 antivirus system.
http://www.eset.com
__________ NOD32 1.1400 (20060208) Information __________
This message was checked by NOD32 antivirus system.
http://www.eset.com
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|