JISCMail - DATA-PROTECTION Archives

While I feel desperately sorry for the staff member as a human being because
this is likely to lead to the end of their current employment I cannot see
how they felt they had the need or the authority to send the email in the
first place.

As an employer one might argue that they will not make this class of error
again, but the error itself shows seriously flawed judgement for what must
presumably be a reasonably senior role.  This is a serious breach.  That
they owned up to it is mitigation, but I suspect it would have stayed
covered up if that had been possible.

There is scope for much press coverage of this matter.  Such coverage is
outside your control, and is also likely to happen if this ever comes to
court.  It's a "Sun" and "Daily Mail" kind of article.

When it hits the press it hits Google.

When it hits Google it is contagious.

Be prepared for a Subject Access request, and recognise that you may not
delete this evidence without legitimate accusations of evidence tampering.
Prepare for the SAR now and get the documents ready.

BTW I had a brainstorm when I typed my first response.  "involve" should
have been "Avoid".  Such is life :)

Damage limitation here is hard.  You need full legal advice on how a
compromise may be reached without attendant publicity.  Even then you risk
it.

-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of datap
Sent: 09 February 2006 08:44
To: [log in to unmask]
Subject: Re: [data-protection] Letter of complaint and DP

The staff
I would agree with what has already been said here.
 
The staff member committed a doozy of a breach and should face disciplinary
action.  I can't even imagine what they might cite as their defence!
 
As well as involving the UKIC as suggested below, the organisation needs to
work out how much they are willing to hand out in compensation / as a
goodwill gesture.  Was there any impact on the tenant in terms of how the
mortgage lender used this information?  
 
You will have to admit to the tenant that a breach was committed, despite
the measures normally taken by the organisation and that issue will be
addressed with the staff member concerned: I think people want to know that
the offender is going to get their wrists well and truly slapped...
 
Tanya Holden
Group Information Governance Manager
 
Metropolitan Housing Group
 
www.mht-group.co.uk

>>> Tim Trent <[log in to unmask]> 08/02/2006 22:27:28 
>>> >>>

This is going to blow up on you, possibly even if you handle it well.

The person complaining has a valid complaint about conduct whether the DPA
was broken or not.

Best course of action is to both take legal advice and consider prehandling
this with the UKIC in case a formal complaint goes there.  This will at
least involve any press comment by the UKIC of "Wow, that sucks!".  Instead
they will say "We are aware of this and they have taken action over it" when
the press ask.

The staff member is likely to need to face a disciplinary process.  It's
tough, but that's the way of the world.  It was a serious error.

To me it seems like there is a case against you for damages.

-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Clementine Amawo
Sent: 08 February 2006 17:02
To: [log in to unmask]
Subject: [data-protection] Letter of complaint and DP

Hello all,
Yes its me again (sorry :)

Problem
A member of staff has phoned me to say that a very angry tenant has written
in a letter of complaint due to the fact that he (staff member),  had
disclosed confidential info pertaining to the tenant's housing rent account
to a 3rd party without his (the tenant's) consent.

The story
The tenant had requested for a rent reference from us that was required by
his mortgage lender (tnt is looking at going into shared ownership). The
tenant was informed by staff member that a fee of £50.00 pounds would need
to be paid in order to provide a reference. The staff member also informed
the tenant that it would be in his best interest to clear up his rent
arrears before a reference could be provided as legal proceeding were about
to begin. This the tenant did, and in mid December 2004 the reference was
provided.

Last month, one of the tenant's cheques (payment towards his arrears),
bounces. The staff member then emails the tenant's mortgage lender informing
them of the fact that the tenant is currently being pursued for rent arrears
following a 'bounced' cheque. The email also informed the mortgage lender
that a letter had been sent to said tenant advising him that our solicitor
will be instructed to apply for a possession hearing.

In the tenant's letter of complaint he writes that -

"....I spoke to my mortgage lender and to my shock and dismay I was informed
that they had received information from (staff member) that they had neither
requested or required"

The tenant is now obviously outraged at this flagrant breach of
confidentiality and the DPA 1998 by disclosing confidential information
without his permission. The tenant has been advised by his solicitors to
write this letter of complaint, and await our response before taking any
decision as to whether to proceed with legal action.

End of story

Personally I feel that the staff member has breached, the Act in revealing
such info to the mortgage lender, especially as it was not asked for.
Does the tenant have a case? Is the staff member wrong? How do we rectify?

Advice most eagerly welcome

Thanks
____________________________________________
Clementine Amawo
Information Management / Data Protection Officer (IT) Circle Anglia 



^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
        http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
              [log in to unmask]
  (all commands go to [log in to unmask] not the list please)
   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
        http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
              [log in to unmask]
  (all commands go to [log in to unmask] not the list please)
   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^



----------------------------------------------------------------------------
----------------------------------------
This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the originator of the
message. This footer also confirms that this email message has been scanned
for the presence of computer viruses.

Any views expressed in this message are those of the individual sender,
except where the sender specifies and with authority, states them to be the
views of Metropolitan Housing Trust Ltd.

Metropolitan Housing Trust Limited is Charitable, registered under the
Industrial and Provident Societies Act 1965  No. 16337R.

Metropolitan Home ownership is Charitable, registered under the Industrial
and Provident Societies Act 1965  No. 16337R.

Stepforward is Charitable, registered under the Industrial and Provident
Societies Act 1965  No. 16337R.

MHT Social Investment Foundation is Charitable, registered under the
Industrial and Provident Societies Act 1965  No. 28795R.

Refugee Housing Association Limited is Charitable, registered under the
Industrial and Provident Societies Act 1965  No. 20735R.

Rushcliffe Homes Limited is registered with the Charity
Commission: No. 1095063.

Scanning of this message and addition of this footer is performed by
SurfControl E-mail Filter software in conjunction with virus detection
software.


^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
        http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
              [log in to unmask]
  (all commands go to [log in to unmask] not the list please)
   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
        http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
              [log in to unmask]
  (all commands go to [log in to unmask] not the list please)
   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^