While I feel desperately sorry for the staff member as a human being because this is likely to lead to the end of their current employment I cannot see how they felt they had the need or the authority to send the email in the first place. As an employer one might argue that they will not make this class of error again, but the error itself shows seriously flawed judgement for what must presumably be a reasonably senior role. This is a serious breach. That they owned up to it is mitigation, but I suspect it would have stayed covered up if that had been possible. There is scope for much press coverage of this matter. Such coverage is outside your control, and is also likely to happen if this ever comes to court. It's a "Sun" and "Daily Mail" kind of article. When it hits the press it hits Google. When it hits Google it is contagious. Be prepared for a Subject Access request, and recognise that you may not delete this evidence without legitimate accusations of evidence tampering. Prepare for the SAR now and get the documents ready. BTW I had a brainstorm when I typed my first response. "involve" should have been "Avoid". Such is life :) Damage limitation here is hard. You need full legal advice on how a compromise may be reached without attendant publicity. Even then you risk it. -----Original Message----- From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of datap Sent: 09 February 2006 08:44 To: [log in to unmask] Subject: Re: [data-protection] Letter of complaint and DP The staff I would agree with what has already been said here. The staff member committed a doozy of a breach and should face disciplinary action. I can't even imagine what they might cite as their defence! As well as involving the UKIC as suggested below, the organisation needs to work out how much they are willing to hand out in compensation / as a goodwill gesture. Was there any impact on the tenant in terms of how the mortgage lender used this information? You will have to admit to the tenant that a breach was committed, despite the measures normally taken by the organisation and that issue will be addressed with the staff member concerned: I think people want to know that the offender is going to get their wrists well and truly slapped... Tanya Holden Group Information Governance Manager Metropolitan Housing Group www.mht-group.co.uk >>> Tim Trent <[log in to unmask]> 08/02/2006 22:27:28 >>> >>> This is going to blow up on you, possibly even if you handle it well. The person complaining has a valid complaint about conduct whether the DPA was broken or not. Best course of action is to both take legal advice and consider prehandling this with the UKIC in case a formal complaint goes there. This will at least involve any press comment by the UKIC of "Wow, that sucks!". Instead they will say "We are aware of this and they have taken action over it" when the press ask. The staff member is likely to need to face a disciplinary process. It's tough, but that's the way of the world. It was a serious error. To me it seems like there is a case against you for damages. -----Original Message----- From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Clementine Amawo Sent: 08 February 2006 17:02 To: [log in to unmask] Subject: [data-protection] Letter of complaint and DP Hello all, Yes its me again (sorry :) Problem A member of staff has phoned me to say that a very angry tenant has written in a letter of complaint due to the fact that he (staff member), had disclosed confidential info pertaining to the tenant's housing rent account to a 3rd party without his (the tenant's) consent. The story The tenant had requested for a rent reference from us that was required by his mortgage lender (tnt is looking at going into shared ownership). The tenant was informed by staff member that a fee of £50.00 pounds would need to be paid in order to provide a reference. The staff member also informed the tenant that it would be in his best interest to clear up his rent arrears before a reference could be provided as legal proceeding were about to begin. This the tenant did, and in mid December 2004 the reference was provided. Last month, one of the tenant's cheques (payment towards his arrears), bounces. The staff member then emails the tenant's mortgage lender informing them of the fact that the tenant is currently being pursued for rent arrears following a 'bounced' cheque. The email also informed the mortgage lender that a letter had been sent to said tenant advising him that our solicitor will be instructed to apply for a possession hearing. In the tenant's letter of complaint he writes that - "....I spoke to my mortgage lender and to my shock and dismay I was informed that they had received information from (staff member) that they had neither requested or required" The tenant is now obviously outraged at this flagrant breach of confidentiality and the DPA 1998 by disclosing confidential information without his permission. The tenant has been advised by his solicitors to write this letter of complaint, and await our response before taking any decision as to whether to proceed with legal action. End of story Personally I feel that the staff member has breached, the Act in revealing such info to the mortgage lender, especially as it was not asked for. Does the tenant have a case? Is the staff member wrong? How do we rectify? Advice most eagerly welcome Thanks ____________________________________________ Clementine Amawo Information Management / Data Protection Officer (IT) Circle Anglia ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm Any queries about sending or receiving message please send to the list owner [log in to unmask] (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm Any queries about sending or receiving message please send to the list owner [log in to unmask] (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ---------------------------------------------------------------------------- ---------------------------------------- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the originator of the message. This footer also confirms that this email message has been scanned for the presence of computer viruses. Any views expressed in this message are those of the individual sender, except where the sender specifies and with authority, states them to be the views of Metropolitan Housing Trust Ltd. Metropolitan Housing Trust Limited is Charitable, registered under the Industrial and Provident Societies Act 1965 No. 16337R. Metropolitan Home ownership is Charitable, registered under the Industrial and Provident Societies Act 1965 No. 16337R. Stepforward is Charitable, registered under the Industrial and Provident Societies Act 1965 No. 16337R. MHT Social Investment Foundation is Charitable, registered under the Industrial and Provident Societies Act 1965 No. 28795R. Refugee Housing Association Limited is Charitable, registered under the Industrial and Provident Societies Act 1965 No. 20735R. Rushcliffe Homes Limited is registered with the Charity Commission: No. 1095063. Scanning of this message and addition of this footer is performed by SurfControl E-mail Filter software in conjunction with virus detection software. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm Any queries about sending or receiving message please send to the list owner [log in to unmask] (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm Any queries about sending or receiving message please send to the list owner [log in to unmask] (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^