JISCMail - DATA-PROTECTION Archives

Tried a few times to send a reply to this and our email threw a wobbler, so
apolgies if anyone already has a varient of this.

I think there are a few things you should be doing.

1. Review your practice of sending payslips in this way. I would never
recommend that a client sends these by normal post. At least do it
registered post so there is some tracking available. I think sending a batch
through normal post is a mistake. Also consider sending them singly, then if
one goes astray they don't all go.

2. PLEASE consider identity fraud a credible threat. It is irrelevant that
it is a close-knit community, it is possible (unlikely, but possible) that
these payslips are now in somwhere like London, where no one would know them
from Adam. There are so many things you can do with just a name and an NI
number and no bank account number. 

I suggest liasing with those affected to manage the risk so that banks etc.,
can at least be informed of the possible issues. Banks are the last
companies to ever admit anything is wrong, so anything you can do BEFORE
something happens is a good move, as trying to argue with a bank after the
fact is a slow and painful process. I personally don't think this will be an
issue, but I think you need to accept the risk and deal with it in a
measured way.

3. I don't think the RM will accept liability, unless you have proof of
postage in some way - see my point 1.

Sorry to be the bearer of negativity!

Simon Howarth.


-----Original Message-----
From: Broom, Doreen [mailto:[log in to unmask]]
Sent: 08 March 2006 12:05
To: [log in to unmask]
Subject: [data-protection] Missing Payslips


All
 
We have lots of rural schools in Borders.  Payslips are sent out via
Royal Mail.  Anyway an envelope containing approx. 20 payslips has gone
missing.  Royal Mail are looking into it.  I have been asked for the
Data Protection issues surrounding this.  The individuals are concerned
as their NI Number, Personnel Number - name etc. appear on these slips.
Their money has gone into the Bank but there are no Bank details on
payslips.
 
I know there are Identity Fraud implications but this is a very rural
area and would be very difficult to get away with this type of thing as
everyone knows everyone.  Can anyone think of anything major that would
be likely to happen - really, what kind of advice can I give -
especially afetr the horse has bolted so to speak.  We may never
retrieve these payslips - are RM libel?
 
Any thoughts would be helpful.
 
Thanks,
 
Doreen
Doreen Broom 
Access to Information Officer 
Scottish Borders Council 
Tel: 01835 826516 
Fax: 01835 825059 



********************************************************************
* This email is privileged, confidential and subject to copyright. *
* Any unauthorised use or disclosure of its content is prohibited. *
* The views expressed in this communication may not necessarily    *
* be the views held by Scottish Borders Council.                   *
* Please be aware that any email sent or received by the Council   *
* may require to be disclosed by the Council under the provisions  *
* of the Freedom of Information (Scotland) Act 2002.               *
********************************************************************





^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^



       All archives of messages are stored permanently and are



      available to the world wide web community at large at



      http://www.jiscmail.ac.uk/lists/data-protection.html



      If you wish to leave this list please send the command



       leave data-protection to [log in to unmask]



            All user commands can be found at : -



        http://www.jiscmail.ac.uk/help/commandref.htm



Any queries about sending or receiving message please send to the list owner



              [log in to unmask]



  (all commands go to [log in to unmask] not the list please)



   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^




^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^



       All archives of messages are stored permanently and are



      available to the world wide web community at large at



      http://www.jiscmail.ac.uk/lists/data-protection.html



      If you wish to leave this list please send the command



       leave data-protection to [log in to unmask]



            All user commands can be found at : -



        http://www.jiscmail.ac.uk/help/commandref.htm



Any queries about sending or receiving message please send to the list owner



              [log in to unmask]



  (all commands go to [log in to unmask] not the list please)



   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^