Data protection act breach

[Theincidental]

A n organisation who held confidential information about me and others has admitted a breach of the data protection act in a sensitive matter involving an anti social behaviour complaint.

This breach could endanger mine and other people's safety.

The organisation have offered me a small sum in compensation to which conditions are attached absolving them of liability and any further action- effectively closing the matter.

I am not interested in the money.

It's more serious than that and I'm concerned for my safety and those of others involved who do not know their confidential information has been breached.

I plan on talking to them further and possibly referring to the ICO.

Does anyone have any advice as to what to say and how to go about this next step?

The organisation are appearing to be reasonable and until I received the compensation offer, I thought they were serious about trying to resolve it, but now I'm less sure.

The ICO have a helpline you can ring for advice 0303 123 1113. They can advise you on what to do next, whether or not you end up making a formal ICO referral.

I have contacted them in the past and they were very good. They told me exactly what to put in my email, paragraph by paragraph, and who to send it to.

Thank you. That's very helpful.

I feel a bit stuck because I think if I tell the organisation I'm communicating with the ICO, then they'll clam up and stop addressing the problem. Given the issue, it really needs prompt action and I'm a month into a complaints process already with nothing concrete happening!

Could you speak to your MP?

The organisation should have self referred to the ICO. You could ask them if they have done so.

If they are referred to the ICO part of what they will be required to do will be to address the problem. I believe that the ICO is good at acting quickly where necessary to protect personal data, so I doubt there's anything to lose by you contacting them.