If the payslips are going to be sent singly then there is no reason for them 
not being sent to the home address of the employee.

It means that the employee gets the information as soon as possible. 
Particularly in small schools the admin support is probably quite small and 
it gives the hard-pressed member of staff something less to worry about.

In terms of risk management (which is what Simon is hinting at) it looks 
much more serious if all the payslips for a school go astray than if one 
payslip goes astray.

If an individual's payslip goes astray they just contact the relevant dept 
and another copy of the slip goes into the post to the home address. I think 
that if this happened to an individual employee to their home address, this 
would be considered unremarkable. No different to one's credit card 
statement going missing - unwelcome but it is hardly any different.

Nick Landau

----- Original Message ----- 
From: "Simon Howarth (RGC) Interim Information Governance Manager" 
<[log in to unmask]>
To: <[log in to unmask]>
Sent: Thursday, March 09, 2006 9:37 AM
Subject: Re: [data-protection] Missing Payslips


> Tried a few times to send a reply to this and our email threw a wobbler, 
> so
> apolgies if anyone already has a varient of this.
>
> I think there are a few things you should be doing.
>
> 1. Review your practice of sending payslips in this way. I would never
> recommend that a client sends these by normal post. At least do it
> registered post so there is some tracking available. I think sending a 
> batch
> through normal post is a mistake. Also consider sending them singly, then 
> if
> one goes astray they don't all go.
>
> 2. PLEASE consider identity fraud a credible threat. It is irrelevant that
> it is a close-knit community, it is possible (unlikely, but possible) that
> these payslips are now in somwhere like London, where no one would know 
> them
> from Adam. There are so many things you can do with just a name and an NI
> number and no bank account number.
>
> I suggest liasing with those affected to manage the risk so that banks 
> etc.,
> can at least be informed of the possible issues. Banks are the last
> companies to ever admit anything is wrong, so anything you can do BEFORE
> something happens is a good move, as trying to argue with a bank after the
> fact is a slow and painful process. I personally don't think this will be 
> an
> issue, but I think you need to accept the risk and deal with it in a
> measured way.
>
> 3. I don't think the RM will accept liability, unless you have proof of
> postage in some way - see my point 1.
>
> Sorry to be the bearer of negativity!
>
> Simon Howarth.
>
>
> -----Original Message-----
> From: Broom, Doreen [mailto:[log in to unmask]]
> Sent: 08 March 2006 12:05
> To: [log in to unmask]
> Subject: [data-protection] Missing Payslips
>
>
> All
>
> We have lots of rural schools in Borders.  Payslips are sent out via
> Royal Mail.  Anyway an envelope containing approx. 20 payslips has gone
> missing.  Royal Mail are looking into it.  I have been asked for the
> Data Protection issues surrounding this.  The individuals are concerned
> as their NI Number, Personnel Number - name etc. appear on these slips.
> Their money has gone into the Bank but there are no Bank details on
> payslips.
>
> I know there are Identity Fraud implications but this is a very rural
> area and would be very difficult to get away with this type of thing as
> everyone knows everyone.  Can anyone think of anything major that would
> be likely to happen - really, what kind of advice can I give -
> especially afetr the horse has bolted so to speak.  We may never
> retrieve these payslips - are RM libel?
>
> Any thoughts would be helpful.
>
> Thanks,
>
> Doreen
> Doreen Broom
> Access to Information Officer
> Scottish Borders Council
> Tel: 01835 826516
> Fax: 01835 825059
>
>
>
> ********************************************************************
> * This email is privileged, confidential and subject to copyright. *
> * Any unauthorised use or disclosure of its content is prohibited. *
> * The views expressed in this communication may not necessarily    *
> * be the views held by Scottish Borders Council.                   *
> * Please be aware that any email sent or received by the Council   *
> * may require to be disclosed by the Council under the provisions  *
> * of the Freedom of Information (Scotland) Act 2002.               *
> ********************************************************************
>
>
>
>
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>
>
>       All archives of messages are stored permanently and are
>
>
>
>      available to the world wide web community at large at
>
>
>
>      http://www.jiscmail.ac.uk/lists/data-protection.html
>
>
>
>      If you wish to leave this list please send the command
>
>
>
>       leave data-protection to [log in to unmask]
>
>
>
>            All user commands can be found at : -
>
>
>
>        http://www.jiscmail.ac.uk/help/commandref.htm
>
>
>
> Any queries about sending or receiving message please send to the list 
> owner
>
>
>
>              [log in to unmask]
>
>
>
>  (all commands go to [log in to unmask] not the list please)
>
>
>
>   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>
>
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>
>
>       All archives of messages are stored permanently and are
>
>
>
>      available to the world wide web community at large at
>
>
>
>      http://www.jiscmail.ac.uk/lists/data-protection.html
>
>
>
>      If you wish to leave this list please send the command
>
>
>
>       leave data-protection to [log in to unmask]
>
>
>
>            All user commands can be found at : -
>
>
>
>        http://www.jiscmail.ac.uk/help/commandref.htm
>
>
>
> Any queries about sending or receiving message please send to the list 
> owner
>
>
>
>              [log in to unmask]
>
>
>
>  (all commands go to [log in to unmask] not the list please)
>
>
>
>   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 




^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^



       All archives of messages are stored permanently and are



      available to the world wide web community at large at



      http://www.jiscmail.ac.uk/lists/data-protection.html



      If you wish to leave this list please send the command



       leave data-protection to [log in to unmask]



            All user commands can be found at : -



        http://www.jiscmail.ac.uk/help/commandref.htm



Any queries about sending or receiving message please send to the list owner



              [log in to unmask]



  (all commands go to [log in to unmask] not the list please)



   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^