I would echo what Tim says.
But I would caution against making admissions or offers without
consulting legal advice. It's going involve a certain amount of costs,
but not as much as it potentially might if a mistake is made at this stage,
Nigel
--
Nigel Roberts FBCS DipEngLaw
Tim Trent wrote:
> While I feel desperately sorry for the staff member as a human being because
> this is likely to lead to the end of their current employment I cannot see
> how they felt they had the need or the authority to send the email in the
> first place.
>
> As an employer one might argue that they will not make this class of error
> again, but the error itself shows seriously flawed judgement for what must
> presumably be a reasonably senior role. This is a serious breach. That
> they owned up to it is mitigation, but I suspect it would have stayed
> covered up if that had been possible.
>
> There is scope for much press coverage of this matter. Such coverage is
> outside your control, and is also likely to happen if this ever comes to
> court. It's a "Sun" and "Daily Mail" kind of article.
>
> When it hits the press it hits Google.
>
> When it hits Google it is contagious.
>
> Be prepared for a Subject Access request, and recognise that you may not
> delete this evidence without legitimate accusations of evidence tampering.
> Prepare for the SAR now and get the documents ready.
>
> BTW I had a brainstorm when I typed my first response. "involve" should
> have been "Avoid". Such is life :)
>
> Damage limitation here is hard. You need full legal advice on how a
> compromise may be reached without attendant publicity. Even then you risk
> it.
>
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]] On Behalf Of datap
> Sent: 09 February 2006 08:44
> To: [log in to unmask]
> Subject: Re: [data-protection] Letter of complaint and DP
>
> The staff
> I would agree with what has already been said here.
>
> The staff member committed a doozy of a breach and should face disciplinary
> action. I can't even imagine what they might cite as their defence!
>
> As well as involving the UKIC as suggested below, the organisation needs to
> work out how much they are willing to hand out in compensation / as a
> goodwill gesture. Was there any impact on the tenant in terms of how the
> mortgage lender used this information?
>
> You will have to admit to the tenant that a breach was committed, despite
> the measures normally taken by the organisation and that issue will be
> addressed with the staff member concerned: I think people want to know that
> the offender is going to get their wrists well and truly slapped...
>
> Tanya Holden
> Group Information Governance Manager
>
> Metropolitan Housing Group
>
> www.mht-group.co.uk
>
>
>>>>Tim Trent <[log in to unmask]> 08/02/2006 22:27:28
>>>>
>
> This is going to blow up on you, possibly even if you handle it well.
>
> The person complaining has a valid complaint about conduct whether the DPA
> was broken or not.
>
> Best course of action is to both take legal advice and consider prehandling
> this with the UKIC in case a formal complaint goes there. This will at
> least involve any press comment by the UKIC of "Wow, that sucks!". Instead
> they will say "We are aware of this and they have taken action over it" when
> the press ask.
>
> The staff member is likely to need to face a disciplinary process. It's
> tough, but that's the way of the world. It was a serious error.
>
> To me it seems like there is a case against you for damages.
>
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]] On Behalf Of Clementine Amawo
> Sent: 08 February 2006 17:02
> To: [log in to unmask]
> Subject: [data-protection] Letter of complaint and DP
>
> Hello all,
> Yes its me again (sorry :)
>
> Problem
> A member of staff has phoned me to say that a very angry tenant has written
> in a letter of complaint due to the fact that he (staff member), had
> disclosed confidential info pertaining to the tenant's housing rent account
> to a 3rd party without his (the tenant's) consent.
>
> The story
> The tenant had requested for a rent reference from us that was required by
> his mortgage lender (tnt is looking at going into shared ownership). The
> tenant was informed by staff member that a fee of £50.00 pounds would need
> to be paid in order to provide a reference. The staff member also informed
> the tenant that it would be in his best interest to clear up his rent
> arrears before a reference could be provided as legal proceeding were about
> to begin. This the tenant did, and in mid December 2004 the reference was
> provided.
>
> Last month, one of the tenant's cheques (payment towards his arrears),
> bounces. The staff member then emails the tenant's mortgage lender informing
> them of the fact that the tenant is currently being pursued for rent arrears
> following a 'bounced' cheque. The email also informed the mortgage lender
> that a letter had been sent to said tenant advising him that our solicitor
> will be instructed to apply for a possession hearing.
>
> In the tenant's letter of complaint he writes that -
>
> "....I spoke to my mortgage lender and to my shock and dismay I was informed
> that they had received information from (staff member) that they had neither
> requested or required"
>
> The tenant is now obviously outraged at this flagrant breach of
> confidentiality and the DPA 1998 by disclosing confidential information
> without his permission. The tenant has been advised by his solicitors to
> write this letter of complaint, and await our response before taking any
> decision as to whether to proceed with legal action.
>
> End of story
>
> Personally I feel that the staff member has breached, the Act in revealing
> such info to the mortgage lender, especially as it was not asked for.
> Does the tenant have a case? Is the staff member wrong? How do we rectify?
>
> Advice most eagerly welcome
>
> Thanks
> ____________________________________________
> Clementine Amawo
> Information Management / Data Protection Officer (IT) Circle Anglia
>
>
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving message please send to the list owner
> [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving message please send to the list owner
> [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>
>
> ----------------------------------------------------------------------------
> ----------------------------------------
> This email and any files transmitted with it are confidential and intended
> solely for the use of the individual or entity to whom they are addressed.
> If you have received this email in error please notify the originator of the
> message. This footer also confirms that this email message has been scanned
> for the presence of computer viruses.
>
> Any views expressed in this message are those of the individual sender,
> except where the sender specifies and with authority, states them to be the
> views of Metropolitan Housing Trust Ltd.
>
> Metropolitan Housing Trust Limited is Charitable, registered under the
> Industrial and Provident Societies Act 1965 No. 16337R.
>
> Metropolitan Home ownership is Charitable, registered under the Industrial
> and Provident Societies Act 1965 No. 16337R.
>
> Stepforward is Charitable, registered under the Industrial and Provident
> Societies Act 1965 No. 16337R.
>
> MHT Social Investment Foundation is Charitable, registered under the
> Industrial and Provident Societies Act 1965 No. 28795R.
>
> Refugee Housing Association Limited is Charitable, registered under the
> Industrial and Provident Societies Act 1965 No. 20735R.
>
> Rushcliffe Homes Limited is registered with the Charity
> Commission: No. 1095063.
>
> Scanning of this message and addition of this footer is performed by
> SurfControl E-mail Filter software in conjunction with virus detection
> software.
>
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving message please send to the list owner
> [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving message please send to the list owner
> [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|