Legal Beagle Required

mikem

mikem

Junior Member
Messages
240
My wife and I took early retirement a few years ago. However we do work a few (literally) days a year (zero hours contract) for a bit of beer money/Prosecco.
We work for a large international company.
We went away on friday for a long weekend only to return today to find an email (sent on thursday) from said company with an attachment comprising of a complete spreadsheet of company emplyees (including us), with everyones details in the form of addresses, N.I. numbers etc.

They realised their mistake and late friday evening sent another email requesting everyone delete offending spreadsheet. Stable door and horse bolted springs to mind.

This appears to be a breach of the data protection act?

Do we have any form legal protection if we suffer i.d. theft or other forms of loss?

Can we demand recompense for monetary loss as a result of this act of incompetence?

We are obviously very concerned.


Any advice appreciated.
 
Felonious Crud

Felonious Crud

Administrator
Staff member
Messages
21,141
Hi Mike. Sorry to hear that. This isn't a legal opinion, just a lay opinion. Whilst what happened was indeed pretty incompetent and likely in breach of the Data Protection Act which, amongst other things, defines how employee data should be used and stored (including the security of that information). Clearly sending an open email to employees including personal data of all employees is not a secure thing to do, so if you're worried you can contact the information commissioner's office and they'll likely haul your employer over the coals and potentially fine them, eventually. Check the ACAS web-site for details.

I'd be surprised if you had any right of recompense for monetary loss because there isn't any monetary loss, and in the event that you were to suffer any ID theft then linking that back to the act of your employer would be hard / impossible.

Personally I'd not worry. Just keep an eye on bank transactions, look out for dubious phishing emails (trying to get personal data from you) and so on. Frankly, all the things that we all should be doing anyway.

I hope that helps in some way.
 
allandwf

allandwf

Member
Messages
10,987
I wouldn't worry either. Any scam merchants etc. would be targeting elsewhere, this would be a very small fish in a sea of data.
 
mikem

mikem

Junior Member
Messages
240
Felonious Crud said:
Hi Mike. Sorry to hear that. This isn't a legal opinion, just a lay opinion. Whilst what happened was indeed pretty incompetent and likely in breach of the Data Protection Act which, amongst other things, defines how employee data should be used and stored (including the security of that information). Clearly sending an open email to employees including personal data of all employees is not a secure thing to do, so if you're worried you can contact the information commissioner's office and they'll likely haul your employer over the coals and potentially fine them, eventually. Check the ACAS web-site for details.



I'd be surprised if you had any right of recompense for monetary loss because there isn't any monetary loss, and in the event that you were to suffer any ID theft then linking that back to the act of your employer would be hard / impossible.

Personally I'd not worry. Just keep an eye on bank transactions, look out for dubious phishing emails (trying to get personal data from you) and so on. Frankly, all the things that we all should be doing anyway.

I hope that helps in some way.
Click to expand...

Thanks. I hope you are right. I am just so outraged at their incompetence.
 
safrane

safrane

Member
Messages
16,828
Reminds me of the last c o c k up with my personal details.

A rental car was delivered to me with the last renters 'TAG' still on the screen. I was taking it one way to London so left it at my house and told the Co they could collect and retun the following week along with my London rental...

However they decided to give the owner of said TAG my phone number. She called and asked if could collect it when I returned from London.

A little bemused I asked how she would do that given I was away, she then told me the rental Co had told her my full name, address and telephone numbers and when I would return!

All this from the manager who is the regional lead for information assurance... who also knows who I work for...I could not believe it.
 
mjheathcote

mjheathcote

Centenary Club
Messages
9,037
After my daughter left nursery for school, a few weeks later we received via email from the Nursery's accountant a spreadsheet listing details of all parents/children at the nursery, and what they owed/outstanding in payments.
Unbelievable! sent in error of course and they didn't even know they had sent it to us until we told them.
We didn't know what it was at first, but you can't un-see what we saw on the spreadsheet.
 
MarkMas

MarkMas

Chief pedant
Messages
8,899
[Not a Lawyer - this is not advice]
What Crud said.
Plus: Your exposure and potential harm depends a lot on what data was shared - neither address, nor NI Number give you a lot of exposure since addresses are easily known and NI numbers are not particularly sensitive. Hard to see what harm could come from that (any more than might cone from your dentist's receptionist, for example, also knowing that information).

This similar case, where 781 people who had attended an HIV clinic got an email exposing the names and email addresses of the other 780 patients, might be of interest:
http://www.bbc.co.uk/news/technology-36247186
https://www.leighday.co.uk/News/News-2016/May-2016/Patients-lawyer-welcomes-fine-of-NHS-Trust-for-da
 
zagatoes30

zagatoes30

Member
Messages
20,908
Sounds like a personnel dump file and if it is just name address and NI details then this is not hard to come by data. If it had bank details as well and any individual specific data then that might be different. Incompetence at either individual or company level is far to common these days especially with data being easy to download and manipulate.
 
You must log in or register to reply here.