Received email not meant for me - GDPR?

[ThatCurlyGirl]

Eek I've received a whole email thread not meant for me.

It's from my accountant but they've sent it to me by mistake as first letter of my name is the same of the recipient he meant to send to.

I read it because we are going back and forth on a similar topic at the moment so initially assumed it was for me.

Usually I'd just let him know and delete but in the thread the other client (that is was meant for) is arranging a repayment plan as a close family member has recently died - it mentions this in detail and specific financial information too.

I have had to do a similar plan and also disclose medical information to agree a repayment plan since my accident and would be cross if my information was shared with another client of theirs.

Especially because we are in a small industry and while I would never dream of mentioning the details to other people IRL, I would be gutted if it had been sent to someone gossipy who then disclosed info to other people.

I don't really know what I'm asking - should I let the accountant know and leave it there? Is this a breach of GDPR? If the other client is struggling with money already would she have any claim to help her out if they were found to have breached GDPR?

Not really sure what I'm asking - I guess whether I should do anything or just delete and leave it completely?

It sounds like someone under pressure for time who's a bit careless.

I would forward them to the intended recipient with a note explaining that someone incompetent or very stupid keeps sending their personal information to you, and ask if they in turn are receiving yours.

Same person again, the owner of the business - and he's fibbed saying they sent the first one to her other old email address, not to a third party. But then sent the fibbing apology to me again!

I understand whatever I do people will think I'm overreacting or under reacting but I just wanted some advice in case there was an overwhelming consensus.

But pretty shitty to make the same exact error two times in one day, especially as before the second time I'd already flagged the first error!

Thanks to anyone who gave me advice, much appreciated.

are you sure theyre not just ccing you into the email?

I think I would have to report it after the second one. Also look for another accountant.

@processedpea

100% sure it's just to my email address, in error x

I would report this to the ICO and then move accountants. They clearly don't take care of personal information. Who knows where yours might be sent?

Bloody hell thats incompetent.

Although that said, Barclays sent my home address and contact details to my abusive ex partner and basically did nothing. The ICO referral was made two months ago and I'm three months away from it being investigated, apparently...

He's a fucking twit! If he can send her shit to you, he can sent your shit to her.

Not acceptable.

I'd be calling them and reading them the riot act. Actually no, I'd be asking how was I sure that they're not sending random private sensitive info re myself to Joe Bloggs! And I would be mentioning the ICO.

Anchor, I remember your thread - no further along?

The only times it has happened to me have been predictive email addresses autofilling.

My friend about 15 years ago made a Freudian slip and sent a text message to a guy she had spent the night with, intended for her other love, telling him that she couldn't wait until he was back from Greece I've never seen anyone go as pale in their life. I was like 'What did you say?' 'Can't wait until you get home from Greece and I can hold you, miss you so much'. But she sent it to the guy who had just left her bed hahahaha. Needless to say, she ended up with neither of them. The guy refused to listen to her apologies.

Oh @AnchorDownDeepBreath I remember your thread, I really hope you're OK - cannot believe they are still making you wait for this to be addressed. Fucking hell, you poor thing :(

Switch accountants - that's just incompetency of the highest; given they've e-mailed you twice! Other than that I can't see that you have over or under-reacted. But it need not unnerve you so much.

This happened to me only it was physical post that went to our neighbour from our financial advisers. It was the wrong number of house. Our entire finances were detailed and the envelope had been opened when we asked for it back! We had an expensive bottle of wine as an apology but still...

Hi all.

Saw this on my news feed and had to sign up as the lack of knowledge here was painful.

Bit of background. I'm a consultant for data protection and have worked with many big companies assisting with compliance etc.

If you receive an email from someone designed.for someone else.

Here is what you do.

1. delete the email asap
2. email the sender informing them of this mistake.

Why
Doing anything else actually makes you accountable to GDPR. Deciding what to do with osmone else's data makes you liable for damages and can make you breach the gdpr yourself opening you up to fines etc. It's not worth it. Ever.

Ico involvement.

We all make mistakes. Auto correct etc doesn't help. If you feel your rights have been breached or it is very serious then feel free to report. The likely outcome is actually very little. In these instances it is 1 mistake effecting one person. If you have deleted the information the breach is contained. The ico will not get involved. If there is a trend the will though!

Happy to answer any questions as I know it's a minefield.

Sadly many want "compensation" for mistakes which just causes the system to not work.

Digitalworld

How do you know if your data has been deleted though? So in my case I was the "victim". An e mail, meant for me and containing a lot of personal information was sent to a random person. They were asked to delete it. How do I know they did it? How will I know if I suffer loss as a result is they sell the information on?

Hello DecomposingComposers,

Its a good question.

In honesty, the ammount of data that exists on you will shock you. To put that in perspective, a friend did a study on Tinder (linked to Facebook) and requested all the information they had on her. She recieved 500 pages of documents, detailing literally every aspect about her location, life, habits the lot.

Data about you is everywhere. There are differant "types" of personal data, there is the usual personal information and "sensitive" this can include sexual preferance, poltiical belifes etc.

The company has to act in their capacity of a data controller, in which they are liable for any data going missing. And must ensure that risk is mitigated.

Now to put this in persepctive. There are 2 places information will go

1. a company - they will be bound by a contract which forces them to comply with data protection and as such ensure a request of deletion is followed through
2. or 2 a person. Now that person can choose not to comply, however they are then acting as a controller in their own right and can be fined under the GDPR themselves.

Usually though, the information that has been given , serves absolutely no value to an honest citizen and 999 out of 1000 times they will just ignore the info or delete it as requested.

In all honesty i have worked for many companies and consulted with many companies and sending data to the wrong person is VERY common (its is human error in most aspects) and as such it is usually not repotable to the ICO and you usually do not have to tell the person whose data you sent. Unless it is likely to restrict their rights and freedoms.

This information is subject to interpretation, i cannot give a full opinion without a lot more detail.

What i will say is that if the information about you is likely to cause you Harm then it elevates the severity .

Honestly you would know if it effected you.

for example a company gets hacked and looses thousands of details about their customers. Over a period of indefinite time, their bank accounts are drained of money.
This is a prime example of how it would effect you. It is up to the company who controls you data to weigh it up based on their own internal policies (which can be scrutinized at any time by the ICO).

I can honestly say that a company reaching out to inform you and make it "right" however backwards it seems. usually is going above and beyond what they have to do and that deserves a pat on the back.

I hope this helps! Sorry it was wordy, The GDPR is in no way clear cut and has many grey areas.

Thank you.

It was my full medical records, plus identifying information so name, address, date of birth, NI number .

I really doubt I would ever be able to prove if it was used and we don't know who it went to, other than their e mail address.

I suppose it's just like documents getting lost in the post, in effect.

Just so annoying - it was password protected but they e mail you the password at the same time as the document. You couldn't make it up.

OP, did the email from the accountant not have a GDPR statement at the bottom advising you of what to do if you received something not intended for you?

For example, my outgoing emails always have the following added automatically:

^The content of this email (and any attachment) is confidential. It may also be legally privileged or otherwise protected from disclosure.
This email should not be used by anyone who is not an original intended recipient, nor may it be copied or disclosed to anyone who is not an original intended recipient.^

If you have received this email by mistake please notify us by emailing the sender, and then delete the email and any copies from your system.

There seem to be a lot of people in the world who can't grasp e-mail. I have had a lot of confidential info from the US and Australia sent to me because I have namesakes there who unaccountably seem to keep giving people my e-mail address instead of theirs.

um haven't read all thread (sorry if I am repeating someone else!) but the thing that came to my mind is what if one for you went to this person - so you most certainly need to inform them & ask them to check!

@mumwon, can you clarify your statement, finding it hard to read.

In this case Decomposing, i would consider reporting to the ICO

In this case Decomposing, i would consider reporting to the ICO

It was reported. It doesn't alter anything does it? I guess it's just recorded somewhere.

Reporting it just notifies the ICO, however currently it seems they are tackling bigger companies and working down unless it is clear that company is being overly negligent.

My DS school sent out a personal email to a parent regarding a very serious issue and banning the parent from entering the premises without an escort to EVERY PARENT

--Of course I didn't read it