Mumsnet has not checked the qualifications of anyone posting here. If you have any legal concerns we suggest you consult a solicitor.
ZOMBIE THREAD ALERT: This thread hasn't been posted on for a while.
Breach of data protection - how serious is this and where do we stand?(69 Posts)
Myself and DH have lived in the UK for 7 years working and studying. I am an EU Citizen and DH is not. We sent our applications for permanent residency to the UK Border Agency last October and enclosed all the necessary supporting, original documents as proof of residency and excercise of Treaty Rights in the UK for the past 6-7 years. The supporting documents included not only private information, such as wage slips and P60-forms and tenancy agreements, but also sensitive information, such as DH's national security clearance including his CRB, which he needs to have done every two years for his job.
We were recently contacted via letter by a man unbeknown to us, who informed us, that he had been sent all our supporting documents by the UKBA in the post. The man had himself been an applicant for an EEA-permit. In his letter the man has enclosed pictures of our documents, which he took before sending them back to the UKBA together with a complaint (he has also sent us his complaint). Not only did the man receive all our documents, but these were sent together with his own in an unorganised stack, which he had to flip through in order to separate his own documents from ours! In addition to sending his letter and pictures of our documents to our present address, the man had also sent it to our two former addresses, as he had not been 100% sure which address was our present one. The man seems very sincere and we are very happy that he has contacted us, as we have certainly not heard anything from the UKBA even though the man had received our documents over a month ago.
We are obviously very upset by this and have now submitted our complaint to the UKBA. We understand, that should we not be happy with the outcome of our complaint, we can complain further to the Information Commissioner and our MP. We were just wondering, whether it might be worth it to also sue the UKBA, as we understand they are not liable to offer any monetary compensation and the ICO cannot make them. We don't have any money to spare for legal consultation though and fear it would be a lengthy and stressful process.. Where do we stand? How serious a breach is this in the grand scale of things? Obviously for us it is deeply distressing, but how common is this to happen..?
Picturesinthefirelight that's encouraging that they've clearly changed their procedures to avoid similar incidents!
Student loans company did the same to me, posting some random strangers bank statements etc in with mine.
You are entitled to an explanation and an apology. I would be concerened that the man took photos of your documents. However, you shouldn't expect compensation unless you lose money, and seeing that any hacker worth his salt could get copies of any of your documents then no, I don't see why you should get financial compensation.
Is this guy's name similar to yours baloo ?
I think the UKBA should be fined. I know they won't be.
I really do not like the concept that there is no comeback for the UKBA and they can fuck around as and how they please, while collecting a cosy little pension.
What losses have you incurred from this happening?
The point of compensation is to cancel out loss you have suffered due to someone else's cock up. If you haven't suffered a loss, I don't see how you could be entitled to compensation. Yes, it is bad, but apart from complaining and getting an apology I don't really see what else there is for you.
Should the check out girl who accidentally overcharges us 20p also lose her pension?
Should the teacher who accidentally marks Junior's homework wrong when it was right lose hers?
The hairdresser who makes us look like a muppet?
The administrator who inputs a bit of data wrong?
Show me a human being who hasn't made a mistake at work that has had a greater or lesser impact on others....cumfy have you never made a mistake at work?? Honestly? Are you offering up your pension as well?
We all make mistakes.
I know I do, and I take full responsibility, when I do.
The examples you give are all slips of the finger or equivalent
Checkout girl corrects the mistake when it's pointed out or 20p.
Hairdresser loses a client and some reputation and the client can refuse to pay.
The administrator makes a slip of the finger. Entirely human. Keybard errors are entirely expected and forgivable.
Some fuckwit at UKBA can't be bothered to put documents in envelopes....
That is not a slip, they are a twat and should be replaced by someone on the dole queue who is prepared to put in the minimal effort and diligence required to effect such tasks.
OK so not on 1st offence but 2nd definitely.
Do you seriously have no standards NotTreading.
In any case I was simply making the point that giving the UKBA carte blanche in these circs is a green light for a slipshod culture, giving employees whom you might not feel confident can tie their own shoelaces an air of untouchability and power.
Is that what we want ?
Actually (and completely off topic) reminds me of when I was very young working at a mortgage company were we had our own direct dial numbers which happened to have the same area code as my home number and I put my home number on a batch of letters that were sent out one day. My mom was very bemused with the wrong calls she kept getting until we put 2 & 2 together.
Mistakes happen however there were a couple of instances (not by me by the grace) where documents went to the wrong people and indeed the other person contacted the person direct as in this case and they were dealt with very seriously in house even though the end user may not have thought so however it was on a case by case basis as to whether it was continual bad habits or a one off out of character issue
It is when the mistake is noticed, pointed out but still they did not rectify the situation - which was the case here. The other man let them know but they kept quite hoping the problem would go away - it was only due to the man contacting them that they knew
i opened a bank account, unknown to me the next people were also given my bank number and they set up a direct debit to come out of my account, they also deposited 8000 pounds in my account . Of course they noticed the money had disappeared and told the bank and the bank rectified their problem - but instead of rectify the whole problem and getting in contact with me they left it there with someone else having all my bank details - it wasn't until the bank sent me notification of me being overdrawn that I was aware there was something wrong - as the direct debit had still left my account to pay the other peoples bills, my statement showed the 8k coming in the 8k going out and then the bills leaving my account.
The bank had my name, address, passport photocopy, driving licence but didn't bother to contact me to say - we made a mistake can you come in to sort this out please
it is whether an organisation can be arsed to make sure they clear up their mistakes behind them or they just leave them to get found out by themselves.
About a million should cover it.
Hello all! I only noticed the new replies now: I had thought the topic was now closed..
As stated previously, I appreciate that mistakes happen and that generally monetary recompense is only available in the event that there are actual losses. However, recompense/reimbursement and compensation to me mean two different things: compensation is meant to compensate for losses not covered by reimbursement of direct costs and could mean various indirect things that are difficult to quantify such as wasted time, loss of enjoyment and having to take unnecessary risks etc. Generally, you could expect a prudent person to have insurance cover for such eventualities and I am aware that insurance policies even exist for identity fraud. However, I don't think it's reasonable to accept anyone to have insurance cover in case the UKBA loses your supporting documents..
I would be happy to accept an apology if my Boots Advantage-card or similar was sent to a wrong address or I got wrong amount of change when buying milk. However, I think there is a difference in grade between such a minor incident and the one at hand: all my private and sensitive information from the past 6-7 years being sent to a completely random person by a public body, who is supported by the taxpayer is just not on. To top it off, we have still not been contacted by the UKBA, even though it's been over a month now.
The Data Protection Act provides that compensation is available for distress caused by a breach. This can only be awarded by the court and there are no amounts mentioned in the statute. It is good and right for the ICO to ensure that any breaches are being put right and that changes in procedures are implemented to avoid future mistakes. After all, this is what the ICO is there for! However, even if and when the ICO gets involved and slaps the UKBA on the wrists, we are still left with the fear that somehow our information will have been leaked and will be misused in the future! Therefore, the remedy secured by the ICO has been achieved for the public, but not directly to us as individuals. This is why I wanted to know, where we would stand, should be choose to pursue the matter further.
Shit happens, granted! But in most identity fraud cases, you cannot easily point to where the information was compromised, in this case you can..
OP, I'm a lawyer and deal with data protection issues quite a bit. If you were to issue a claim on the basis of the facts you've described, a court would give it very short shrift. The appropriate action is to complain to the ICO and let them fine the UKBA.
'Potential' loss is not a form of damage for which a court will award you recompense. The sort of 'distress' the Act covers is things like when your medical records showing that you have HIV are made public. Not the possibility that someone somewhere MAY try to steal your identity.
OP, "compensation" is exactly that, you have no losses and you are not entitled to any compensation. Your attitude saddens me. How many times do you see people who have genuinely suffered losses say "I just want an apology" .
I give up! The general concensus appears to be that it's ok for a public body to make mistakes on such a scale, as long as they say they are sorry! That is what actually saddens me..
The public body will face hefty fines, trouble is where do you think the money comes from to pay hefty fines? The tax payer who is paying for the public body and that's rather odd
What you want is compensation, but you faced no loss, so explain why you should receive money from the public purse
That is actually part of my point; as a taxpayer, I am paying for the fine issued by the ICO. So essentially, they make a mistake, say sorry and I pay for it... I probably wouldn't be so angry if someone would've actually bothered to contact us and explain what happened, and yes, apologise. The lack of contact, the fact that I am unable to open a savings account for DS and book tickets to visit my mother in the summer, as this unreliable organisation has my passport (hopefully, unless it was sent to someone else by mistake) is upsetting.
No-one's saying its ok for a public company to make mistakes, but what we are all saying is that mistakes happen, and for you to expect to get money because of a mistake, when you have suffered no financial loss, makes you sound greedy.
That money is the same money that pays for disability benefits, the NHS and schools. Yet still you feel entitled to it?
No, I don't feel entitled to the money that pays for disability benefits, schools and the NHS. That would certainly be greedy!
I do, however, feel entitled to not have to pay for the fine, to a timely acknowledgement of the error and an apology.
From the Parliamentary Ombudsman's most recent report on the UKBA's performance ( grim read to say the least..) I note that consolatory payments have indeed been deemed appropriate and subsequently awarded in several similar cases to mine (not factually identical, but serious handling mistakes). This of course raises questions on whether the UKBA in general is fit for purpose and appropriately using public funds, but that's a topic for another thread entirely..
Are you planning to make a complaint to the Information Commissioner's Office?
No one will give you compensation. I very much doubt that the organisation will be fined, unless perhaps there have been complaints about the same thing happening before. The ICO is a very weak organisation.
Yes, we will complain to the ICO unless we hear from the UKBA within a reasonable timeframe, which should be by the end of the month at the latest, as this will then give them a month to look into our complaint and two months into the complaint the other man made. I think we're being more than fair and it says on the ICO's website that you should give the organisation a chance to put things right first..
Dromedary, great! So there is no likely remedy for us as individuals or for the public!
Baloo, how much do you think you should be entitled to?
Join the discussion
Please login first.